OAuth Tutorial - Obtaining an Access Token
What is an Access Token in OAuth 2.0?
- An access token is a string that identifies the user, the application, and the page.
- The access token includes information about when the token will expire and which app created the token.
- It is necessary to acquire OAuth 2.0 client credentials from the API console.
- The client requests the access token from the authorization server.
- The client extracts the access token from the response and then sends the token to the API that it wishes to access.
- Access tokens are what applications use to make API requests on behalf of the user.
- The access token represents the authorization of a specific application to access specific parts of the user data.
- Access tokens must be kept confidential in transit and in storage.
- The access token must only be used over an HTTPS connection, because passing it over a non-encrypted channel would make it trivial for third parties to intercept.
- Apps make a request to get an access token for the user.
- The Access Token, which is commonly referred to as access_token in code samples, is a credential that can be used by a client to access an API.
- The access_token should be used as a Bearer credential and is transmitted in an HTTP Authorization header to the API.
- The diagram below shows the process of obtaining an access token.
[Figure: process of obtaining an access token in OAuth 2.0]
Example of a dummy access token request:
- The request parameters and their descriptions are given below.
- client_id − It should be set to the client ID of the application.
- redirect_uri − It should be set to the URL to which the user will be redirected back after the request is authorized.
- response_type − It can be code or token. The code value must be used for server-side applications and the token value must be used for client-side applications.
- The table below lists the concepts of Client Credentials.
S.No. | Concept & Description |
---|---|
1 | Authorization Code: The authorization code allows accessing the authorization request and grants access to the client application to fetch the owner's resources. |
2 | Resource Owner Password Credentials: The resource owner password credentials grant involves only one request and one response, and is useful where the resource owner has a good relationship with the client. |
3 | Assertion: An assertion is a package of information that makes the sharing of identity and security information across various security domains possible. |
4 | Refresh Token: Refresh tokens are used to acquire new access tokens; a refresh token carries the information necessary to get a new access token. |
5 | Access Token Response: An access token is a type of token that is assigned by the authorization server. |
6 | Access Token Error Response Codes: If the access token request sent to the authorization server is invalid or unauthorized, then the authorization server returns an error response. |
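
The client side of the flow described above, as an added Python example that is not part of the original tutorial: it builds the authorization request from client_id, redirect_uri and response_type, separates a token response from an error response, and attaches the token as a Bearer credential over HTTPS only. The endpoint URLs, client ID and token values are constructed placeholders, and the helper names are hypothetical.

```python
import json
from urllib.parse import urlencode, urlsplit

# Constructed sample values (assumptions, not taken from the tutorial).
AUTHZ_ENDPOINT = "https://auth.example.com/authorize"
CLIENT_ID = "demo-client"
REDIRECT_URI = "https://app.example.com/callback"


class TokenError(Exception):
    """Raised when the authorization server returns an error response."""


def require_https(url):
    # Codes and tokens must never cross an unencrypted channel.
    if urlsplit(url).scheme != "https":
        raise ValueError(f"refusing non-HTTPS URL: {url}")
    return url


def build_authorization_url(response_type="code"):
    # "code" is for server-side apps, "token" for client-side apps.
    if response_type not in ("code", "token"):
        raise ValueError("response_type must be 'code' or 'token'")
    params = {"client_id": CLIENT_ID,
              "redirect_uri": require_https(REDIRECT_URI),
              "response_type": response_type}
    return require_https(AUTHZ_ENDPOINT) + "?" + urlencode(params)


def parse_token_response(body):
    # A success body carries access_token; an error body carries "error".
    data = json.loads(body)
    if "error" in data:
        raise TokenError(data["error"])
    if data.get("token_type", "").lower() != "bearer":
        raise TokenError("unsupported token_type")
    return data["access_token"]


def bearer_headers(api_url, access_token):
    # The token goes in the Authorization header, and only to HTTPS URLs.
    require_https(api_url)
    return {"Authorization": f"Bearer {access_token}"}


if __name__ == "__main__":
    print(build_authorization_url())
    ok = '{"access_token": "constructed-token", "token_type": "Bearer", "expires_in": 3600}'
    print(bearer_headers("https://api.example.com/me", parse_token_response(ok)))
```

Keeping the token out of URLs and query strings, as `bearer_headers` does, also keeps it out of server logs and Referer headers.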