Authorization Code Flow

  1. The user navigates to the SPA, which redirects the user to the IdP to sign in.
  2. The user signs in (and authorizes the application, if needed).
  3. The IdP returns the user to the SPA with an Authorization Code.
  4. JavaScript code in the SPA sends the Authorization Code to a login endpoint on the REST API Server.
  5. The REST API Server sends a request to the IdP Server containing the Authorization Code (and usually also a Client ID and Client Secret, which identify the REST API Server to the IdP Server).
  6. The IdP validates the Authorization Code and sends the Access Token and ID Token to the REST API Server.
  7. The REST API Server stores the Access Token and ID Token in its memory and sends its own Session Token back to the SPA.
  8. For every request the SPA makes to the REST API Server, it includes the Session Token which the REST API Server gave it. If the REST API Server needs to request resources from another server, it uses the stored Access Token to make that request.
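The server-side half of steps 5 through 8, as an added example that is not part of the original page: a Python sketch of the REST API Server's login handler and upstream call, with the IdP token endpoint replaced by an in-process stand-in so it runs offline. The client credentials, authorization code and token values are constructed for the example; the Access Token never leaves the server, and only an opaque Session Token is handed to the SPA.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the IdP token endpoint (no network). It checks the
# confidential client's credentials and redeems a single-use authorization code.
CLIENT_ID = "rest-api-server"   # constructed example credentials
CLIENT_SECRET = "example-client-secret"
_VALID_CODES = {
    "code-abc": {"access_token": "at-111", "id_token": "idt-111", "sub": "alice"},
}


def idp_token_endpoint(code, client_id, client_secret):
    """Step 5/6: exchange the Authorization Code for tokens (server-to-server)."""
    if not (hmac.compare_digest(client_id, CLIENT_ID)
            and hmac.compare_digest(client_secret, CLIENT_SECRET)):
        raise PermissionError("invalid_client")
    tokens = _VALID_CODES.pop(code, None)   # a code may be redeemed only once
    if tokens is None:
        raise ValueError("invalid_grant")
    return tokens


# REST API Server state: tokens live only here, keyed by a hash of the Session
# Token so a memory dump or log line does not yield a directly usable session.
_sessions = {}


def _session_key(session_token):
    return hashlib.sha256(session_token.encode()).hexdigest()


def login(auth_code):
    """Step 7: redeem the code, keep the tokens, return an opaque Session Token."""
    tokens = idp_token_endpoint(auth_code, CLIENT_ID, CLIENT_SECRET)
    session_token = secrets.token_urlsafe(32)
    _sessions[_session_key(session_token)] = tokens
    return session_token


def upstream_request_headers(session_token, resource):
    """Step 8: map the SPA's Session Token back to the stored Access Token."""
    tokens = _sessions.get(_session_key(session_token))
    if tokens is None:
        raise PermissionError("unknown or expired session")
    # The Bearer header the server would attach to its own request to `resource`.
    return {"Authorization": f"Bearer {tokens['access_token']}", "resource": resource}
```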
