oauth tutorial - OAuth Obtaining End User Authorization - oauth2 tutorial - oauth authentication
What is End-User Authorization in OAuth 2.0?
- The authorization end points are the URL which makes an authentication request on the authorization server
- The authorization end points help the resource owner logs in and permits to access the data to the client application.
- The authorization end points are typically a URI on a web server and hence it is used as an instance, the address of a Java servlet, JSP page, PHP page, ASP.NET page.
- The diagram which is given below describe the authorization end user
Learn OAuth - OAuth tutorial - OAuth End User Authorization - OAuth examples - OAuth programs
Description of the diagram
- First the client gives access to the client web application.
- Second, the client clicks the login button and then the user is redirected to the client app
- The client then logs into client app which is done through the authentication server
- Third, the client app gets access from the authorization server and is send back to the user which is done through an endpoint. This endpoint which is used here is known as Authentication Endpoint
- Fourth, it redirects the client to the client app and also it redirects to the URL + Authentication code which is done through an endpoint. Hence this endpoint is known as Redirect Endpoint. ,
- Fifth, the client has been granted access the redirect URL.
- Providing this redirect URI is done by registering the client application with the authenticate web application.
- During the registration the client of the web application registers the redirect URI application a client id and a client password.
- Sixth, the user sends the authentication code and hence it can be done by using the code Client id + Secret which uses an endpoint called Token Endpoint.
- Seventh, the authorization server sends back an access token which the access token has the username and password of the site.
- Eighth, the client web application has received the access token, the client has been granted access to log into the client app and after log in, it has been sent back to the client.
- Hence the end user authorization has three different types of endpoints and they are
- Authorization Endpoint
- Redirection Endpoint
- Token Endpoint
Authorization Endpoint
- Authorization endpoint is used to interact with the resource owner who permits the authorization access to the resource of the resource owner.
- The user accesses the resources of the resource owner by using the client web application.
- The client web application is provided with the client id and client password which is done during registration of the redirect URI (Uniform Resource Identifier).
- Then, the user can login through the client application which is done on the authorization server contains the Authorization Endpoint.
- Authorization endpoint redirects the client to the URI (Uniform Resource Identifier) and sends the authentication code to the user.
Redirect Endpoint
- The redirect endpoint is the endpoint which is used in the client application
- The user accesses the page located at redirect URI (Uniform Resource Identifier) in the client application.
- The client application provides client id, client password and authentication code to the authorization server.
- The redirect endpoint redirects the client to the client app and hence it is done through redirect URL + Authentication code to the user.
Token Endpoint
- The user sends the authentication code and hence it can be done by using the code Client id + Secret which uses an endpoint called Token Endpoint.
- The client web application provides the client id, client password and authorization code to obtain an access token.
- Token Endpoint grants an access token which is used in the client web application with the help of client id, client password and authorization code to obtain it
- The client application sends the credentials back to the user along with the access token.
- Once the user receives the access token, it can be sent to the access resources such as Facebook, Google.