Oauth

From Logic Wiki
Revision as of 09:40, 15 February 2019 by AliIybar (Talk | contribs) (Output)

Jump to: navigation, search


https://knpuniversity.com/screencast/oauth/intro#play

OAuth Actors

OAuth Provider

Based on 3 components

Authentication Provider

Username and Password

Consent Server

Which parts of system a client can access

Token Management Infrastructure

it keeps data like : Access token, refresh token, when it was created and when it's invalid, when it's revoked

Resource Provider

Makes a protected resource available via HTTP Protocol

ie : Twitter

Resource Server

  • Holds Resources
  • Protects resources
  • Makes resources available via API

Resource Owner

Owner of the protected resource.

  • Owns resources
  • Delegates right to access the resource to a third party app

ie : @aliiybar

Client

An application trying to access a protedted resource.

  • Wants to access resources
  • Gets and holds Access Token and Refresh Token
  • Should NOT hold password of Resource Owner
  • Identified via ClientID and Client Secret


ie : Mobile app

OAuth Server - Endpoints

/authorize GET

Input Query Parameters

  • state
  • scope
  • response_type
  • client_id
  • redirect_uri

Output

according to response_type the output is one of the items below

  • Authorization Code (for Authorization Code Grant)
  • Access Token (for Implicit Grant)

/token POST

Authorization : Basic clientId:clientSecret

Access Token and Refresh Token (for Authorization Code Grant, Client Credentials Grant and Resource Owner Password Credentials Grant)

/verify - not standardized

only internally accessible by Resource Server

Retrieved from "http://logicwiki.co.uk/index.php?title=Oauth&oldid=1895"