@jordifebrer
Last active October 24, 2023 07:59
Simplified OAuth 2 workflow for dummies (me!)

Use case

A user wants profile data from an app.

Workflow

  1. User makes a request to a client (website, mobile app, etc.).
  2. Client (may) redirect the user to the auth server's login form.
  3. User logs into the auth server.
  4. Auth server validates the credentials from the previous step and returns an access token to the client.
  5. Client sends the access token to the app.
  6. App asks the auth server whether the token is valid.
  7. Auth server validates the token and returns info to the app (TODO: complete which kind of information it returns, exp date ...)
  8. App provides data to the client.
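
Steps 3 to 8 modeled in one process, as an added example that is not part of the original gist. It assumes the auth server answers step 6 with introspection-style fields in the manner of RFC 7662 (`active`, `sub`, `scope`, `exp`); the class names, function names and sample user are hypothetical.

```python
import secrets
import time

class AuthServer:
    """In-memory stand-in for the auth server (constructed for this example)."""
    def __init__(self, users):
        self._users = users    # username -> password, plaintext only to keep the demo short
        self._tokens = {}      # opaque token -> {"sub", "scope", "exp"}

    def login(self, username, password, scope="profile", ttl=300, now=None):
        # Steps 3-4: validate the credentials, then issue an unguessable token.
        now = time.time() if now is None else now
        stored = self._users.get(username)
        if stored is None or not secrets.compare_digest(stored.encode(), password.encode()):
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[token] = {"sub": username, "scope": scope, "exp": now + ttl}
        return token

    def introspect(self, token, now=None):
        # Step 7: unknown and expired tokens both yield only {"active": False}.
        now = time.time() if now is None else now
        meta = self._tokens.get(token)
        if meta is None or now >= meta["exp"]:
            return {"active": False}
        return {"active": True, **meta}

class App:
    """The app that holds the profile data."""
    def __init__(self, auth_server, profiles):
        self._auth = auth_server
        self._profiles = profiles

    def get_profile(self, token, now=None):
        # Step 6: ask the auth server; the app never trusts a token on its own.
        info = self._auth.introspect(token, now=now)
        if not info["active"]:
            return 401, None
        if "profile" not in info["scope"].split():
            return 403, None
        # Step 8: return only the data of the user the token was issued for.
        return 200, self._profiles[info["sub"]]

def demo():
    # Constructed sample data: one user, one token issued at t=1000 with a 300 s lifetime.
    auth = AuthServer({"alice": "correct horse"})
    app = App(auth, {"alice": {"name": "Alice"}})
    token = auth.login("alice", "correct horse", now=1000)
    return [app.get_profile(token, now=1100), app.get_profile(token, now=2000), app.get_profile("forged", now=1100)]
```

The three calls in `demo()` cover a valid token, the same token after its `exp`, and a token the auth server never issued.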