Skip to content

Instantly share code, notes, and snippets.

@neverendingqs

neverendingqs/3-legged OAuth

Last active November 7, 2016 14:51
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save neverendingqs/60292771a382439fcdc9369aeac09897 to your computer and use it in GitHub Desktop.
Save neverendingqs/60292771a382439fcdc9369aeac09897 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
3-legged OAuth
+-----------------+ +-----------------+ +-----------------+
| | | | | |
| Sample App | | User / Browser | | Auth Server |
| | | | | |
+--------+--------+ +--------+--------+ +--------+--------+
| | |
| | |
| GET /auth | |
| <-----------------------------+ | |
| | |
| |
| (302) GET /oauth2/auth?client_id=...&state=... |
| +---------------------------------------------------------------> |
| |
| | |
| | +--------+--------+
| |
| | User
| | Authenticates
| | + Consent
| |
| | +--------+--------+
| | |
| |
| (302) GET /callback?code=...&state=... |
| <---------------------------------------------------------------+ |
| |
| | |
| | |
| | |
+-----------------+ | |
| | | POST /core/connect/token |
| Resource Server | | Authorization: Basic client_id:client_secret |
| | | grant_type=authorization_code&code=... |
+--------+--------+ | +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -> |
| | Response: { access_token = ... } |
| | |
| | | |
| | | |
| Use Access Token to | | |
| <- - - - - - - - - - - - - - -+ | | |
| access APIs | | |
| | | |
| | Display results | |
| | +-----------------------------> | |
| | | |
+ + + +
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment