
About OAuth 2.0

OAuth 2.0 is an authorization protocol widely used to grant access to social media user information. SSO Server uses it to identify users by their social media accounts, provided the user authorizes this.

...

  1. The OAuth 2.0 client (SSO Server) redirects the Resource Owner (or end-user) to authenticate at the Authorization Server's Authorization Endpoint.
  2. The Resource Owner authenticates and may authorize the client to access his or her resources.
  3. The Resource Owner's user agent is redirected back to the Client with an authorization code, which the Client then uses to request an access token from the Authorization Server's Token Endpoint.
  4. If the Client's request is approved, the Token Endpoint returns an access token, which the Client then uses to access the Resource Owner's information from the Resource Server.
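The four steps above, carried through end to end as an added example (not SSO Server's own code). Both sides of the exchange are modelled: an in-memory stand-in for the Authorization Server and Resource Server, and a client that binds each authorization request to a fresh state value, refuses redirects whose state it did not issue, and exchanges the code at the token endpoint with client authentication. The endpoint URLs, client id, client secret and redirect URI are placeholders assumed for the example; the server also consumes each authorization code on first use, so a replayed code is rejected.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed endpoint URLs and client registration (placeholders, not from the page).
AUTHORIZE_URL = "https://auth.example/authorize"
TOKEN_URL = "https://auth.example/token"
USERINFO_URL = "https://auth.example/userinfo"
CLIENT_ID = "sso-server"
CLIENT_SECRET = "client-secret-placeholder"
REDIRECT_URI = "https://sso.example/oauth/callback"


def _query(url):
    """Parse a URL's query string into a flat dict (first value per key)."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


class MockAuthorizationServer:
    """Constructed stand-in for the Authorization Server and Resource Server."""

    def __init__(self):
        self._codes = {}    # code -> (client_id, redirect_uri, subject)
        self._tokens = {}   # access_token -> subject

    def authorize(self, query, subject):
        # Step 2: the resource owner has authenticated and consented; mint a
        # single-use code bound to the client and redirect URI, echo the state.
        code = secrets.token_urlsafe(24)
        self._codes[code] = (query["client_id"], query["redirect_uri"], subject)
        params = {"code": code, "state": query["state"]}
        return f"{query['redirect_uri']}?{urlencode(params)}"

    def token(self, form, client_id, client_secret):
        # Step 3 (server side): authenticate the client, then consume the code
        # so the same grant cannot be exchanged twice.
        if client_secret != CLIENT_SECRET:
            raise PermissionError("invalid_client")
        entry = self._codes.pop(form.get("code"), None)
        if entry is None or entry[0] != client_id or entry[1] != form.get("redirect_uri"):
            raise PermissionError("invalid_grant")
        access_token = secrets.token_urlsafe(32)
        self._tokens[access_token] = entry[2]
        return {"access_token": access_token, "token_type": "Bearer", "expires_in": 3600}

    def userinfo(self, bearer):
        # Step 4: the protected resource returns claims only for a live token.
        subject = self._tokens.get(bearer)
        if subject is None:
            raise PermissionError("invalid_token")
        return {"sub": subject, "name": "Constructed User"}


class OAuthClient:
    """The OAuth 2.0 client role (what SSO Server plays in the flow)."""

    def __init__(self, server):
        self._server = server
        self._pending_states = set()   # states issued but not yet redeemed

    def start(self):
        # Step 1: build the redirect with a fresh, unguessable state kept server-side.
        state = secrets.token_urlsafe(16)
        self._pending_states.add(state)
        params = {"response_type": "code", "client_id": CLIENT_ID,
                  "redirect_uri": REDIRECT_URI, "scope": "openid profile", "state": state}
        return f"{AUTHORIZE_URL}?{urlencode(params)}"

    def callback(self, redirect_url):
        # Step 3 (client side): only trust a code arriving with a state we issued.
        qs = _query(redirect_url)
        if qs.get("state") not in self._pending_states:
            raise ValueError("unknown or already used state")
        self._pending_states.discard(qs["state"])
        if "error" in qs:
            raise ValueError(qs["error"])
        form = {"grant_type": "authorization_code", "code": qs.get("code"),
                "redirect_uri": REDIRECT_URI}
        return self._server.token(form, CLIENT_ID, CLIENT_SECRET)["access_token"]


def run_flow(subject="user-123"):
    """Run steps 1-4 against the mock server and return the UserInfo claims."""
    server = MockAuthorizationServer()
    client = OAuthClient(server)
    redirect_url = server.authorize(_query(client.start()), subject)
    return server.userinfo(client.callback(redirect_url))


def forged_state_rejected():
    """A redirect carrying a state the client never issued must be refused."""
    client = OAuthClient(MockAuthorizationServer())
    try:
        client.callback(f"{REDIRECT_URI}?code=some-code&state=not-issued")
    except ValueError:
        return True
    return False


def code_replay_rejected():
    """Exchanging the same authorization code a second time must fail."""
    server = MockAuthorizationServer()
    client = OAuthClient(server)
    redirect_url = server.authorize(_query(client.start()), "user-123")
    client.callback(redirect_url)                       # first exchange succeeds
    form = {"grant_type": "authorization_code", "code": _query(redirect_url)["code"],
            "redirect_uri": REDIRECT_URI}
    try:
        server.token(form, CLIENT_ID, CLIENT_SECRET)    # replay of the consumed code
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print(run_flow())
```

In a real deployment the client's pending states live in the user's session store rather than a process-wide set, and the token request is an HTTPS POST to the Token Endpoint; the checks shown (state bound to the session, client authentication, single-use codes, redirect URI match) are what keep a stolen or forged redirect from turning into a valid access token.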

[Diagram: OAuth authorization flow (Authorization Flow)]

Terms and Definitions

Client: RFC-6749: An application making protected resource requests on behalf of the resource owner and with its authorization. The term "client" does not imply any particular implementation characteristics (e.g., whether the application executes on a server, a desktop, or other devices).

Resource Owner: RFC-6749: An entity capable of granting access to a protected resource. When the resource owner is a person, it is referred to as an end-user.

Resource Server: RFC-6749: The server hosting the protected resources, capable of accepting and responding to protected resource requests using access tokens.

Authorization Server: RFC-6749: The server issuing access tokens to the client after successfully authenticating the resource owner and obtaining authorization.

Authorization Endpoint: RFC-6749: Used by the client to obtain authorization from the resource owner via user-agent redirection.

Token Endpoint: RFC-6749: Used by the client to exchange an authorization grant for an access token, typically with client authentication.

Redirection Endpoint: RFC-6749: Used by the authorization server to return responses containing authorization credentials to the client via the resource owner user-agent.

UserInfo Endpoint: OpenID Connect: The UserInfo Endpoint is an OAuth 2.0 Protected Resource that returns Claims about the authenticated End-User. To obtain the requested Claims about the End-User, the Client makes a request to the UserInfo Endpoint using an Access Token obtained through OpenID Connect Authentication. These Claims are represented as a JSON object that contains a collection of name and value pairs for the Claims.