What is JWT and why do we need it in a microservices based application?

JWT (JSON Web Token) is a very popular way to do user authorization in microservices. It is a standard used to create access tokens for an application, and it enables secure communication between two parties. The industry-standard specification RFC 7519 outlines how information in a JWT should be structured. It is widely used in …

Client Credentials Grant Type in OAuth

The Client Credentials grant type is used by applications/services to obtain an access token outside of the context of a user. It is used when applications request an access token to access their own resources, not on behalf of a user. For example, you have 2 APIs, one for maintaining the users and one for sending notifications …

Implicit Grant Type in OAuth

In the Implicit Grant Type, the client requests an access token directly, without the need for an Authorization Code, which was a step in the Authorization Code flow. Therefore the word "implicit" comes from the implicit authorization which we get from the /authorize endpoint, instead of exchanging an auth code for a token at the /token endpoint. The Implicit grant …

Authorization Code Flow in OAuth

Authorization Code Flow, aka 3 Legged, returns an Authorization Code to the Client, which can then be exchanged for an ID Token and an Access Token directly. Once the user authorizes the request to access the protected resource, the request is redirected back to a registered endpoint to get the Authorization Code. The Authorization Code is then exchanged …

Key Terminologies in OAuth

In the last blog, What is OAuth, I shared an example of the greet.com app accessing contact details for the user from another app and how the OAuth process works at a high level. In this blog, I will share some key terminologies of OAuth by referring to the example shared in the last blog. Resource/Protected Resource: …

What is OAuth???

OAuth is an open standard for authorization. OAuth 2.0 is the latest and most widely used form of OAuth. It allows people to authorize applications to access another application on their behalf. Let us understand this more by an example. Imagine you subscribed to an application, greet.com, in which you can make custom greetings/posters. Now once you build a …