
OAuth 2.0 – authorization code grant flow

Pragya Keshap answered on February 18, 2023 Popularity 8/10 Helpfulness 1/10


1. The client application initiates the grant flow by sending the user to the authorization server in the web browser.

2. The authorization server will authenticate the user and ask for the user's consent.

3. The authorization server will redirect the user back to the client application with an authorization code. The authorization server will use a redirect URI specified by the client in step 1 to know where to send the authorization code. Since the authorization code is passed back to the client application using the web browser, that is, to an insecure environment where malicious JavaScript code can potentially pick up the authorization code, it is only allowed to be used once and only during a short time period.

4. To exchange the authorization code for an access token, the client application is expected to call the authorization server again. The client application must present its client ID and client secret together with the authorization code to the authorization server. Since the client secret is sensitive and must be protected, this call must be executed from server-side code.

5. The authorization server issues an access token and sends it back to the client application. The authorization server can also, optionally, issue and return a refresh token.

6. Using the access token, the client can send a request to the protected API exposed by the resource server.

7. The resource server validates the access token and serves the request in the event of a successful validation. Steps 6 and 7 can be repeated as long as the access token is valid. When the lifetime of the access token has expired, the client can use its refresh token to acquire a new access token.

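The flow in the answer above, as an added in-memory simulation that is not part of the original post: the authorization server issues single-use, short-lived codes, the code is exchanged server-side together with the client secret, and the resource-server check plus the refresh step are modelled as methods on the same object. The client ID, secret, redirect URI and lifetimes are constructed values, not from the answer.

```python
import secrets

# Constructed values for this added example; none come from the original answer.
CLIENT_ID, CLIENT_SECRET = "demo-client", "demo-secret"
REDIRECT_URI = "https://client.example/callback"
CODE_TTL, TOKEN_TTL = 60, 3600   # seconds: codes are short-lived, access tokens longer

class AuthorizationServer:
    """Issues single-use, short-lived codes and exchanges them for tokens."""

    def __init__(self):
        self.codes = {}     # code -> (client_id, redirect_uri, issued_at)
        self.tokens = {}    # access_token -> expiry timestamp
        self.refresh = {}   # refresh_token -> client_id

    def authorize(self, client_id, redirect_uri, user_consented, now):
        # Steps 1-3: the user is authenticated and consents (simulated by a flag);
        # the code goes only to the redirect URI registered for this client.
        if not user_consented or client_id != CLIENT_ID or redirect_uri != REDIRECT_URI:
            return None
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri, now)
        return f"{redirect_uri}?code={code}"

    def token(self, client_id, client_secret, code, now):
        # Step 4: server-side exchange of code + client secret; pop() makes the
        # code usable exactly once, and the TTL check rejects a stale one.
        entry = self.codes.pop(code, None)
        if entry is None or entry[0] != client_id or client_secret != CLIENT_SECRET:
            return None
        if now - entry[2] > CODE_TTL:
            return None
        return self._issue(client_id, now)

    def refresh_token(self, client_id, client_secret, refresh, now):
        # After the access token expires: trade the refresh token for a new pair.
        if client_secret != CLIENT_SECRET or self.refresh.pop(refresh, None) != client_id:
            return None
        return self._issue(client_id, now)

    def _issue(self, client_id, now):
        # Step 5: issue an access token and, optionally, a refresh token.
        access, refresh = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.tokens[access] = now + TOKEN_TTL
        self.refresh[refresh] = client_id
        return {"access_token": access, "refresh_token": refresh}

    def validate(self, access_token, now):
        # Steps 6-7: the resource server accepts only a known, unexpired token.
        return self.tokens.get(access_token, 0) > now
```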