@LabN36
Created April 19, 2017 11:16
OAuth Doubts

As we know, OAuth2 authorizes (not authenticates) an end user's account (resource owner) to be used by third-party services.

Generally there are 2 types of access_token generating schemes:

  1. authorization_code grant
  2. implicit grant flow

This flow allows other applications to use my user's resources.

Steps

  1. Generally the application redirects to my server, like login.myapp.com, for login.
  2. Once the user has logged in, I will show the user a page asking "would you like to authorize application X" with some permissions.
  3. As soon as the user clicks on authorize, I will send an authorization_code (not an access_token) to the application's endpoint.
  4. Once the application gets the authorization_code, it will fetch the user's access_token through the server by hitting
  5. After that, the application can retrieve the user's (resource owner's) information on their behalf.
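
The authorization_code steps above, as an added in-memory example (not part of the original gist); the client `app-x`, its secret, the redirect URI and the function names `authorize`, `token` and `userinfo` are assumptions made for illustration. It shows why step 3 hands over a code rather than a token: the code is single-use, short-lived, and redeemable only by the registered client presenting its secret.

```python
import secrets
import time

# Constructed sample registration: client id, secret and redirect URI are hypothetical.
CLIENTS = {"app-x": {"secret": "s3cret-for-demo",
                     "redirect_uri": "https://app-x.example/callback"}}
CODE_TTL = 60  # seconds; authorization codes are kept short-lived
_codes, _tokens = {}, {}

def authorize(client_id, redirect_uri, user, scope, approved):
    """Steps 1-3: after login and consent, issue a one-time authorization_code."""
    client = CLIENTS.get(client_id)
    # Exact-match the registered redirect_uri so the code cannot be sent elsewhere.
    if client is None or redirect_uri != client["redirect_uri"]:
        raise ValueError("unknown client or unregistered redirect_uri")
    if not approved:
        return f"{redirect_uri}?error=access_denied"
    code = secrets.token_urlsafe(32)
    _codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                    "user": user, "scope": scope, "exp": time.time() + CODE_TTL}
    return f"{redirect_uri}?code={code}"

def token(client_id, client_secret, code, redirect_uri):
    """Step 4: the application's server exchanges the code for an access_token."""
    client = CLIENTS.get(client_id)
    if client is None or not secrets.compare_digest(client["secret"], client_secret):
        raise PermissionError("invalid_client")
    grant = _codes.pop(code, None)  # pop() makes the code single-use
    if (grant is None or grant["client_id"] != client_id
            or grant["redirect_uri"] != redirect_uri or grant["exp"] < time.time()):
        raise PermissionError("invalid_grant")
    access_token = secrets.token_urlsafe(32)
    _tokens[access_token] = {"user": grant["user"], "scope": grant["scope"]}
    return access_token

def userinfo(access_token):
    """Step 5: the resource server answers only for a token it issued."""
    grant = _tokens.get(access_token)
    if grant is None:
        raise PermissionError("invalid_token")
    return {"user": grant["user"], "scope": grant["scope"]}

def demo():
    """Run steps 1-5 once for the constructed client and user."""
    uri = "https://app-x.example/callback"
    code = authorize("app-x", uri, "alice", "profile", True).split("code=")[1]
    tok = token("app-x", "s3cret-for-demo", code, uri)
    return code, tok, userinfo(tok)
```
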

What is my query

So the above flow is mainly designed to allow other applications to get the user's (resource owner's) token.

But what flow should I use to manage my own website (simple login/signup flow)? Or should I create an application for myself too?
