JWT (JSON Web Token) is a very popular way to do user authorization in microservices. It is a standard which is used to create access tokens for an application and enables secure communication between between two parties. The Industry standard specification RFC7519 outlines how information in JWT should be structured. It is widely used in … Continue reading What is JWT and why do we need it in a microservices based application?
The Client Credentials grant type is used by applications/services to obtain an access token outside of the context of a user.It is used when applications request an access token to access their own resources, not on behalf of a user. Example you have 2 APIs one for maintaining the users and one for sending notifications … Continue reading Client Credentials Grant Type in OAuth
In an Implicit Grant Type, client requests access token directly, without the need for an Authorization Code which was a step in Authorization Code flow Therefore the word "implicit" comes from the implicit authorization which we get from the from the /authorize endpoint, instead of exchanging auth code for token from /token endpointThe Implicit grant … Continue reading Implicit Grant Type in OAuth
Authorization Code Flow, aka 3 Legged returns an Authorization Code to the Client, which can then be exchanged for an ID Token and an Access Token directly.Once the user authorizes the request to access protected resource , the request is redirected back to a registered endpoint to get the Authorization Code.Authorization code is then exchanged … Continue reading Authorization Code Flow in OAuth
In the last What is OAuth blog , i shared an example of greet.com app accessing contact details for the user from another app and how the OAuth process works at high level. In this blog, i will share some key terminologies of OAuth by referring to the example shared in last blog. Resource/Protected Resource: … Continue reading Key Terminologies in OAuth