In a traditional client-server authentication model, a resource owner shares their credentials with the client so that the client can access its resources when necessary. The client does that by passing the resource owner’s credentials to the resource server, and the resource server validates the same before providing access to the protected resource(s). Simple, right? 

Well, there are a bunch of problems associated with this model, a few of which are listed below:

Source de l’article sur DZONE