Created Apr 19, 2017
OAuth Doubts

As we know, OAuth2 authorizes (not authenticates) an end user's account (resource owner) to be used by third-party services.

Generally there are 2 types of access_token generating schemes:

  1. authorization_code grant
  2. implicit grant flow

This flow allows other applications to use my user's resource.


  1. Generally the application redirects to my server, e.g. for login
  2. Once the user has logged in, I will show the user a page asking "would you like to authorize application X" with some permissions
  3. As soon as the user clicks on authorize, I will send an authorization_code (not an access_token) to the application's endpoint
  4. Once the application gets the authorization_code, it will fetch the user's access_token through the server by hitting
  5. After that, the application can retrieve the user's (resource owner) information on their behalf

What is my query

So the above flow is mainly designed for allowing other applications to get the user's (resource owner) token.

But what flow should I use to manage my own website (simple login/signup flow), or should I create an application for myself too?
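The authorization_code flow from steps 1-5 above, as an added in-memory sketch that is not part of the original gist. The client id `app-x`, its secret, the redirect URI and the function names are constructed assumptions; the point is the server-side checks that make the code safe to pass through the browser: registered redirect_uri, client authentication, a short lifetime and single use.

```python
import hmac, secrets, time

# Constructed sample registration; client id, secret and redirect URI are assumptions.
CLIENTS = {"app-x": {"secret": "s3cr3t-constructed", "redirect_uri": "https://app-x.example/callback"}}
CODES = {}     # authorization_code -> grant record
TOKENS = {}    # access_token -> (user, scope)
CODE_TTL = 60  # seconds; authorization codes are short-lived

def authorize(user, client_id, redirect_uri, scope, state):
    """Steps 1-3: the logged-in user approved; return the redirect carrying the code."""
    client = CLIENTS.get(client_id)
    if client is None or redirect_uri != client["redirect_uri"]:
        raise ValueError("unknown client or unregistered redirect_uri")
    code = secrets.token_urlsafe(32)
    CODES[code] = {"user": user, "client_id": client_id, "redirect_uri": redirect_uri,
                   "scope": scope, "expires": time.time() + CODE_TTL}
    return f"{redirect_uri}?code={code}&state={state}", code

def exchange(code, client_id, client_secret, redirect_uri):
    """Step 4: the application's server swaps the code for an access_token."""
    client = CLIENTS.get(client_id)
    if client is None or not hmac.compare_digest(client["secret"], client_secret):
        raise PermissionError("invalid_client")
    grant = CODES.pop(code, None)  # pop: a code is usable exactly once
    if (grant is None or grant["client_id"] != client_id
            or grant["redirect_uri"] != redirect_uri or grant["expires"] < time.time()):
        raise PermissionError("invalid_grant")
    token = secrets.token_urlsafe(32)
    TOKENS[token] = (grant["user"], grant["scope"])
    return token

def resource(token):
    """Step 5: the resource server maps the token back to the user and scope."""
    if token not in TOKENS:
        raise PermissionError("invalid_token")
    return TOKENS[token]

def demo():
    """Run the flow once, then try to reuse the same code."""
    url, code = authorize("alice", "app-x", "https://app-x.example/callback", "profile", "xyz")
    token = exchange(code, "app-x", "s3cr3t-constructed", "https://app-x.example/callback")
    try:
        exchange(code, "app-x", "s3cr3t-constructed", "https://app-x.example/callback")
        replayed = True
    except PermissionError:
        replayed = False
    return resource(token), replayed
```
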
