Posts

Showing posts with the label OAuth Grants

OAuth 2.0 Authorization_Code Grant Sample Application Demonstration

In previous blog posts about OAuth 2.0 and OAuth Grant Types, I discussed the basic idea of the OAuth 2.0 framework and the four main grant types for retrieving an access token. Comparing all four grant types, you can see that the "Authorization code" grant type is somewhat more complex than the other three grant types. So, I thought about developing a simple web-based Java application just to demonstrate the message-passing (requests and responses) flow of the OAuth 2.0 Authorization code grant type. Again, if you are not familiar with the OAuth 2.0 framework or its grant types, visit my blog posts about OAuth 2.0 and OAuth 2.0 Token Grants 😊 As I was saying, I developed an application to demonstrate the flow of the authorization_code grant, and I used Java as the language, Apache Maven as the build tool and Apache Tomcat as the web server. Let's see how this works. 😉 As you remember, the first thing to do as a client is to get the authorization code....

OAuth Token Grants

In the previous blog post, I explained what OAuth is and how it can be used when developing applications. I also explained the four roles and the tasks of each role when it comes to retrieving protected resources. Also in the previous blog post, I simply described the four main grant types that a client can use to retrieve an access token. So in this blog post, I’m planning to go into detail on these grant types.

Authorization code grant type

The authorization code grant type is used to obtain both access tokens and refresh tokens, and this type is optimized for confidential clients. Refresh tokens are credentials used to get an access token; put simply, a refresh token is used to get a new token when the current token has expired or is invalid. In the authorization code grant type, the client first initiates the flow by directing the resource owner’s user-agent (the web browser) to the authorization endpoint at the authorization server using HTTP GET req...