OAuth Authorization code flow

Video description for OAuth Authorization code flow

🔥More exclusive content: https://productioncoder.com/you-decid...
Twitter: @_jgoebel
Website: https://jangoebel.com
Blog: https://productioncoder.com

00:00 What is the OAuth authorization code flow?
02:54 OAuth authorization code example walkthrough
06:16 exchanging authorization code for an access token
08:38 OAuth CSRF protection with state parameter and PKCE
10:16 OAuth authorization code grant for server side rendered apps
11:15 conclusion

The authorization code flow is a way for a client (a third-party application) to obtain an access token that gives it limited access to an HTTP service on behalf of a user.

The client initiates the authorization code flow by redirecting the user to the authorization server with the client ID, state, scopes and a redirect URL as query parameters. There, the user is asked to log into his account and confirm that he wants the third-party application to access his account on his behalf. Once the user approves, he is redirected back to the client application with an authorization code in the query parameters. The application can then exchange this authorization code for an access token.

If the client is a confidential client, a client secret is also needed to exchange the authorization code for an access token. Depending on the scopes the client requested, it may also receive a refresh token, which allows it to get a fresh access token when the current access token has expired.
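
The three steps described above, sketched in Python as an added example (not code from the video or its author). The endpoint, client ID and redirect URL are constructed placeholders, the function names are hypothetical, and the state and PKCE handling uses the standard parameter names from RFC 6749 and RFC 7636 for the protections named in the chapter list.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholder values, not taken from the video.
AUTHORIZE_ENDPOINT = "https://auth.example.com/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://client.example.com/callback"

def pkce_challenge(code_verifier):
    """S256 code challenge (RFC 7636): BASE64URL(SHA-256(verifier)), no padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def start_flow(scopes):
    """Step 1: build the redirect; state and code_verifier stay in the user's session."""
    state = secrets.token_urlsafe(32)          # unguessable, ties callback to session
    code_verifier = secrets.token_urlsafe(64)  # 86 chars, within the 43-128 limit
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scopes),
        "state": state,
        "code_challenge": pkce_challenge(code_verifier),
        "code_challenge_method": "S256",
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}", state, code_verifier

def handle_callback(callback_url, expected_state):
    """Step 2: accept the authorization code only if state matches the session."""
    params = parse_qs(urlparse(callback_url).query)
    returned_state = params.get("state", [""])[0]
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback not bound to this session")
    if "code" not in params:
        raise ValueError("no authorization code: " + params.get("error", ["unknown"])[0])
    return params["code"][0]

def token_request_body(code, code_verifier, client_secret=None):
    """Step 3: form fields POSTed to the token endpoint to redeem the code."""
    body = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
            "code_verifier": code_verifier}
    if client_secret is not None:  # confidential clients also send their secret
        body["client_secret"] = client_secret
    return body
```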
