Client Credentials Grant Type in OAuth

The Client Credentials grant type is used by applications/services to obtain an access token outside of the context of a user.It is used when applications request an access token to access their own resources, not on behalf of a user. Example you have 2 APIs one for maintaining the users and one for sending notifications … Continue reading Client Credentials Grant Type in OAuth

Implicit Grant Type in OAuth

In an Implicit Grant Type, client requests access token directly, without the need for an Authorization Code which was a step in Authorization Code flow Therefore the word "implicit" comes from the implicit authorization which we get from the from the /authorize endpoint, instead of exchanging auth code for token from /token endpointThe Implicit grant … Continue reading Implicit Grant Type in OAuth

Authorization Code Flow in OAuth

Authorization Code Flow, aka 3 Legged returns an Authorization Code to the Client, which can then be exchanged for an ID Token and an Access Token directly.Once the user authorizes the request to access protected resource , the request is redirected back to a registered endpoint to get the Authorization Code.Authorization code is then exchanged … Continue reading Authorization Code Flow in OAuth

Key Terminologies in OAuth

In the last What is OAuth blog , i shared an example of app accessing contact details for the user from another app and how the OAuth process works at high level. In this blog, i will share some key terminologies of OAuth by referring to the example shared in last blog. Resource/Protected Resource: … Continue reading Key Terminologies in OAuth

What is OAuth???

OAuth is an open standard for authorization. OAuth 2.0 is the latest and most widely used form of OAuthIt allows people to authorize applications to access another application on their behalfLet us understand this more by an exampleImagine you subscribed to an application in which you can make custom greetings/posters.Now once you build a … Continue reading What is OAuth???