About OAuth 2.0
OAuth 2.0 is an authorization protocol that is widely used for accessing social media user information and hence allows SSO Server to identify users based on their social media accounts, given that said user authorizes this.
...
- The OAuth 2.0 client (SSO Server) redirects the Resource Owner (or end-user) to authenticate in the Authorization Server's Authorization Endpoint.
- The Resource Owner authenticates and may to authorize the client to access his or her resources.
- The Resource Owner's user agent returns to the Client along with an authorization code, which the Client then uses to request an access token from the Authorization Server's Token Endpoint.
- If the Client's request is approved, the Token Endpoint returns an access token, which the Client then uses to access the Resource Owner's information from the Resource Server.
Gliffy | ||||
---|---|---|---|---|
|
Terms and Definitions
TERM | DEFINITION |
---|---|
Client | RFC-6749: An application making protected resource requests on behalf of the resource owner and with its authorization. The term "client" does not imply any particular implementation characteristics (e.g, whether the application executes on a server, a desktop, or other devices). |
Resource Owner | RFC-6749: An entity capable of granting access to a protected resource. When the resource owner is a person, it is referred to as an end-user. |
Resource Server | RFC-6749: The server hosting the protected resources, capable of accepting and responding to protected resource requests using access tokens. |
Authorization Server | RFC-6749: The server issuing access tokens to the client after successfully authenticating the resource owner and obtaining authorization. |
Authorization Endpoint | RFC-6749: Used by the client to obtain authorization from the resource owner via user-agent redirection. |
Token endpoint | RFC-6749: Used by the client to exchange an authorization grant for an access token, typically with client authentication. |
Redirection Endpoint | RFC-6749: Used by the authorization server to return responses containing authorization credentials to the client via the resource owner user-agent. |
UserInfo Endpoint | OpenID Connect: The UserInfo Endpoint is an OAuth 2.0 Protected Resource that returns Claims about the authenticated End-User. To obtain the requested Claims about the End-User, the Client makes a request to the UserInfo Endpoint using an Access Token obtained through OpenID Connect Authentication. These Claims are represented as a JSON object that contains a collection of name and value pairs for the Claims. |
...