OAuth - authorization: allows a logged-in user on a client server to fetch data from another remote server.
1. The OAuth server creates a client ID and client secret, and creates an authorization URL and a token URL.
2. The client sends a GET request with the client ID and client secret as query parameters to the OAuth server's authorization URL. The client must provide a redirect URL for successful authorization.
3. The authorization URL checks the client ID and secret, and prompts a window asking the user to authorize access.
4. If everything is successful, the OAuth server redirects the client to the client's redirect URL and provides an authorization code as a query parameter.
5. The client then sends a POST request to the OAuth server's token URL with the authorization code to get an OAuth token.
6. For every API call, the client does it like JWT: add an Authorization header with bearer: oauth token when sending GET/POST/PUT requests.
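
Steps 2 to 6 from the client's side, as an added example that is not part of the original notes. The URLs, client ID and secret are constructed placeholders and the function names are hypothetical; following RFC 6749, it presents the client secret only at the token URL and adds a `state` value to bind the redirect to the request that started it.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed values for illustration; not from any real provider.
AUTHORIZE_URL = "https://oauth.example/authorize"
TOKEN_URL = "https://oauth.example/token"
CLIENT_ID = "demo-client-id"
CLIENT_SECRET = "demo-client-secret"
REDIRECT_URI = "https://client.example/callback"

def new_state():
    """Unguessable per-login value, stored in the user's session."""
    return secrets.token_urlsafe(32)

def build_authorization_url(state):
    """Step 2: URL the user's browser is sent to. The secret stays server-side."""
    query = {"response_type": "code", "client_id": CLIENT_ID,
             "redirect_uri": REDIRECT_URI, "state": state}
    return AUTHORIZE_URL + "?" + urlencode(query)

def extract_code(callback_url, expected_state):
    """Step 4: read the authorization code from the redirect, rejecting
    callbacks for another endpoint, with an error, or with a wrong state."""
    got, want = urlparse(callback_url), urlparse(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match registered redirect URL")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError("authorization denied: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch (possible CSRF)")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]

def build_token_request(code):
    """Step 5: POST target and form body that trade the code for a token."""
    return TOKEN_URL, {"grant_type": "authorization_code", "code": code,
                       "redirect_uri": REDIRECT_URI,
                       "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET}

def bearer_header(access_token):
    """Step 6: header attached to every API call."""
    return {"Authorization": "Bearer " + access_token}
```

The token request body is meant to be sent form-encoded over TLS from the client's server, never from the browser.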
https://support.panopto.com/s/article/How-to-Get-OAuth2-Access-Tokens-for-Users#hTargetInstance0
https://stackoverflow.com/questions/12152247/whats-the-purpose-of-the-client-secret-in-oauth2
OAuth server providers: Google, your own, and many more.