
Authorization Code Grant Flow Overview 

Michael Bissell
13K views

We use APIs rather than raw databases so we can control who gets to see what data when and where. The OAuth Authorization Code Grant allows us to combine the security allowed for an App with the security rules allowed for a User. This video gives a quick look at how a person, app, API and Identity service all interact together in that flow.
You can try a live walkthrough with some quick JavaScript code snippets over on my tutorial site at uxapi.io/howto...
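The interaction described above, as an added Python example (not code from the video or the author's tutorial site): an in-memory identity service, app and API showing how the issued token ends up limited to what both the app and the user are allowed. All client names, scope strings, the redirect URI and the intersection rule for granted scopes are assumptions made for illustration.

```python
import secrets

# Constructed registrations (hypothetical names): what the identity service
# allows the app to ask for, and what each user is allowed to do.
APP_SCOPES = {"photo-app": {"photos.read", "profile.read"}}
APP_SECRETS = {"photo-app": "constructed-secret"}
USER_SCOPES = {"alice": {"photos.read", "photos.write"}}

class IdentityService:
    def __init__(self):
        self.codes, self.tokens = {}, {}

    def authorize(self, user, client_id, redirect_uri, requested):
        # Front channel: the user signs in and consents; the app only gets a code.
        # Assumed rule: granted = requested AND app-allowed AND user-allowed.
        granted = set(requested) & APP_SCOPES[client_id] & USER_SCOPES[user]
        code = secrets.token_urlsafe(16)
        self.codes[code] = (user, client_id, redirect_uri, granted)
        return code

    def exchange(self, code, client_id, client_secret, redirect_uri):
        # Back channel: pop() makes the code single use, even on failure.
        entry = self.codes.pop(code, None)
        if entry is None or entry[1:3] != (client_id, redirect_uri):
            raise PermissionError("invalid_grant")
        if not secrets.compare_digest(APP_SECRETS[client_id], client_secret):
            raise PermissionError("invalid_client")
        token = secrets.token_urlsafe(24)
        self.tokens[token] = (entry[0], entry[3])  # (user, granted scopes)
        return token

    def introspect(self, token):
        return self.tokens.get(token)

def api_get_photos(idp, token):
    # The API (resource server) checks the token's scope before serving data.
    info = idp.introspect(token)
    if info is None or "photos.read" not in info[1]:
        raise PermissionError("insufficient_scope")
    return f"photos of {info[0]}"

def run_flow(requested):
    # Person -> identity service -> app -> identity service, end to end.
    idp = IdentityService()
    uri = "https://app.example/callback"
    code = idp.authorize("alice", "photo-app", uri, requested)
    token = idp.exchange(code, "photo-app", "constructed-secret", uri)
    return idp, code, token
```
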

Published: 29 Aug 2024

Comments: 6
@iambhanu7 1 year ago
I am confused. What is the API here? Is it part of the Identity/Authorization setup? Or is it the server counterpart of the App?
@norunners_ 11 months ago
The API is the resource server. No, it uses the authorization services to verify access tokens against scopes protecting their endpoints/resources. No, the app (client) is an untrusted party that the user (resource owner) can grant access to their data via API (resource server).
@autumnchills2317 1 year ago
I am still fairly new to OAuth so I'm still wrapping my head around the concept of oauth clients. In your diagram, would the App be considered the oauth client or would it be the API server? I'm confused because the App would be the one consuming the token and making requests to access protected resources for the user, but the API server here is the one exchanging the auth code for tokens.
@norunners_ 11 months ago
Yes, the client is sometimes called the app. For example, a user (resource owner) can authorize a third-party app (client) to access their data via an API server (resource service). The authorization services power the flow by knowing the relationships (scopes) between clients and resource owners.
@saikrishnapuli6591 6 months ago
Can you confirm, token call is happening at backend or frontend via browser?
@user-jt8ko2im3y 1 year ago
tuuutft