Posts

Showing posts from September, 2018

OAuth Token Grants

In the previous blog post, I explained what OAuth is and how it can be used when developing applications. I also explained the four roles and the tasks of each role when it comes to retrieving protected resources, and briefly described the four main grant types that a client can use to retrieve an access token. In this blog post, I’m planning to go into detail on these grant types.

Authorization code grant type

The authorization code grant type is used to obtain both access tokens and refresh tokens, and it is optimized for confidential clients. Refresh tokens are credentials used to get an access token; put simply, a refresh token is used to get a new token when the current token has expired or is invalid. In the authorization code grant type, the client first initiates the flow by directing the resource owner’s user-agent (the web browser) to the authorization endpoint at the authorization server using HTTP GET req

Get To Know OAuth

If you try to create an account on, or log in to, some websites or other applications, for example when you want to create an account with NVIDIA, there’s an option to create the account simply by using Facebook. There’s a button called “Login with Facebook”, which you click to use your Facebook account’s details. It’s easier to use Facebook than to create a new account and remember the passwords and all, and your Facebook account also holds the relevant information. Did you ever think about what’s happening behind the scenes of this process? That’s where OAuth comes in. OAuth is an authorization framework that enables a third-party application to obtain limited access to, and use authorized resources of, an HTTP service, for example Facebook. This can happen either on behalf of a resource owner by arranging an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own be