OAuth Tutorial - OAuth Web Server
What is a Web Server in OAuth 2.0?
- The OAuth 2.0 web server is a computer system that delivers web pages to users over HTTP.
- The client ID and password are stored on the web application server, which is the application that wants to access the resource server.
- Hence the client ID and password are said to be protected, because they should not be known by other users. The web server authentication flow is used by apps that are hosted on a secure server.
- Web server applications also use service accounts to authorize API requests when calling Cloud APIs to access project-based data.
- Web server applications can use service accounts to authenticate in conjunction with user authorization.
- The diagram given below shows the confidential client web application server.
[Diagram: confidential client web application server]
Description of the diagram
- The resource owner allows the confidential client to access the data hosted on the resource server; the client ID and password are kept protected on the server.
- The client ID and password are unique to the client application on the authorization server.
- The resource server is the server that hosts the resources, such as Facebook, Twitter, and Google. The client application accesses the resources stored on the resource server, and the resource owner owns these resources.
- The resources of the resource owner are accessed by the authorization server by using the confidential client web application.
- The diagram given below shows the web server and Salesforce in the web server flow.
[Diagram: web server and Salesforce]
- The web server redirects the user to Salesforce to authenticate and to authorize the server to access data on the user's behalf.
- After the user approves access, the web server receives a callback with an authorization code.
- After obtaining the authorization code, the web server passes back the authorization code to get a token response.
- After validating the authorization code, Salesforce passes a token response. If there's no error, the token response will include an access token and additional information about the token.
- After the token is granted, the web server accesses the user's data.
- After a web server has an access token, the client can use the access token to access Salesforce data on the end user's behalf, and can also use a refresh token to get a new access token.