https://www.4rth4s.xyz/2021/02/learning-about-oauth-framework.html
Having covered the basics of OAuth2, we now look at its grant flows in detail and at how to implement them in several ways. Let's get started.
I. Client Credentials Grant
The Client Credentials grant type is used by clients to obtain an access token outside of the context of a user. This is typically used by clients to access resources about themselves rather than to access a user's resources.
Flow
Implementation
Server
Postman
II. Authorization Code Grant
The Authorization Code grant type is used by confidential and public clients to exchange an authorization code for an access token. After the user returns to the client via the redirect URL, the application gets the authorization code from the URL and uses it to request an access token. It is recommended that all clients use the PKCE extension with this flow as well, to provide better security.
Flow
Implementation
Server port 8081
- Authorization server:
- Resource Server
- The Resource Owner enters his credentials at the Authorization Server, proving that he is the owner and granting the client access to his resource. On success he is redirected back with an authorization code. This authorization code is stored with each client's request; with it, the Client obtains an access token from the server.
- The Client then accesses the Resource Server successfully with the access token.
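The exchange in the steps above, written out as an added example (not the post's own server or Postman collection): an in-memory authorization server that binds each code to the client, the redirect URI and the PKCE code_challenge, and a token endpoint that rejects a replayed code, a mismatched redirect URI or a wrong code_verifier. Names such as AuthorizationServer and run_flow are hypothetical.

```python
import base64
import hashlib
import secrets

# Authorization Code grant with PKCE (S256), modelled in memory.
# Hypothetical illustration: not a real authorization server implementation.

def _s256(verifier):
    """code_challenge = BASE64URL(SHA256(code_verifier)) without padding (RFC 7636)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def make_pkce_pair():
    """Client side: random code_verifier and its S256 code_challenge."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    return verifier, _s256(verifier)


class AuthorizationServer:
    """Minimal authorization server with the two endpoints the flow needs."""

    def __init__(self, clients):
        self.clients = clients  # client_id -> registered redirect_uri
        self.codes = {}         # code -> (client_id, redirect_uri, code_challenge)

    def authorize(self, client_id, redirect_uri, code_challenge, owner_consented):
        # The resource owner has logged in and consented; bind the code to this request.
        if not owner_consented or self.clients.get(client_id) != redirect_uri:
            return None
        code = secrets.token_urlsafe(24)
        self.codes[code] = (client_id, redirect_uri, code_challenge)
        return code  # delivered to the client via redirect_uri?code=...

    def token(self, client_id, redirect_uri, code, code_verifier):
        # Single use: pop the code so a replayed exchange is rejected.
        entry = self.codes.pop(code, None)
        if entry is None:
            return None
        bound_client, bound_redirect, challenge = entry
        if bound_client != client_id or bound_redirect != redirect_uri:
            return None
        if not secrets.compare_digest(_s256(code_verifier), challenge):
            return None
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}


def run_flow(server, client_id, redirect_uri, verifier=None):
    """Drive the whole exchange; returns the token response, or None when rejected."""
    v, challenge = make_pkce_pair()
    code = server.authorize(client_id, redirect_uri, challenge, owner_consented=True)
    return server.token(client_id, redirect_uri, code, verifier or v)
```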
Postman
Happy Learning!