Authorization Code Grant

The authorization server will issue:

  • an id_token, used by the application to authenticate the user, and
  • an access_token, used by the application to call the API on the user's behalf.

Specification: OAuth 2.0 Authorization Code Grant

  1. The user navigates to SPA, which redirects the user to IdP to sign in.
  2. User signs in (and authorizes the application, if needed).
  3. IdP returns the user to SPA with Authorization Code.
  4. JavaScript code in SPA sends the Authorization Code to a login endpoint on the REST API Server.
  5. The REST API Server sends a request to the IdP Server containing the Authorization Code (and usually also a Client ID and Client Secret, which identify the REST API Server to the IdP server).
  6. The IdP validates the Authorization Code and sends the Access Token and ID Token to the REST API Server.
  7. The REST API Server stores the Access Token and ID Token in its memory and sends its own Session Token back to the SPA.
  8. For every request the SPA makes to the REST API Server, it includes the Session Token which the REST API Server gave it. If the REST API Server needs to request resources from another server, it uses the stored Access Token to make that request.
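The eight steps above, as an added example that is not part of the original page or of any particular IdP's code: a constructed in-memory stand-in for the IdP's token endpoint, and a REST API Server that exchanges the code, keeps the tokens server-side and hands the SPA only an opaque session token. The client ID, client secret and class names are assumptions; the example also goes slightly beyond the text by making the code single-use and comparing the client secret in constant time.

```python
"""Backend-for-frontend flow: the REST API server exchanges the code and
keeps the tokens; the SPA only ever sees an opaque session token.
Constructed in-memory IdP, not a real provider."""
import hashlib
import hmac
import secrets

CLIENT_ID = "rest-api-server"            # constructed registration values
CLIENT_SECRET = "s3cr3t-known-only-to-backend"


class FakeIdP:
    """Stand-in for the IdP's token endpoint (steps 3, 5 and 6)."""
    def __init__(self):
        self._codes = {}                 # code -> subject; each code is single use

    def issue_code(self, subject):       # step 3: code handed back via the SPA
        code = secrets.token_urlsafe(16)
        self._codes[code] = subject
        return code

    def exchange(self, code, client_id, client_secret):
        # Authenticate the backend client (constant-time secret compare), then consume the code
        if client_id != CLIENT_ID or not hmac.compare_digest(client_secret, CLIENT_SECRET):
            raise PermissionError("client authentication failed")
        subject = self._codes.pop(code, None)   # pop: a replayed code is rejected
        if subject is None:
            raise PermissionError("invalid or already-used authorization code")
        return {"access_token": "at-" + secrets.token_urlsafe(8),
                "id_token": {"sub": subject}}


class RestApiServer:
    """Steps 4-8: holds the IdP tokens, issues its own session token."""
    def __init__(self, idp):
        self._idp = idp
        self._sessions = {}              # sha256(session token) -> IdP tokens

    def login(self, code):               # steps 4, 5 and 7
        tokens = self._idp.exchange(code, CLIENT_ID, CLIENT_SECRET)
        session_token = secrets.token_urlsafe(32)   # opaque: carries no claims
        self._sessions[hashlib.sha256(session_token.encode()).hexdigest()] = tokens
        return session_token             # the only value returned to the SPA

    def _lookup(self, session_token):
        return self._sessions.get(hashlib.sha256(session_token.encode()).hexdigest())

    def whoami(self, session_token):     # step 8: SPA request carrying the session token
        s = self._lookup(session_token)
        return None if s is None else s["id_token"]["sub"]

    def upstream_auth_header(self, session_token):  # step 8: calling another server
        s = self._lookup(session_token)
        return None if s is None else "Bearer " + s["access_token"]
```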
