OAuth 2.0 Tutorial
Selected Reading
- OAuth 2.0 - Discussion
- OAuth 2.0 - Useful Resources
- OAuth 2.0 - Quick Guide
- OAuth 2.0 - IANA Considerations
- OAuth 2.0 - Extensibility
- Accessing a Protected Resource
- Obtaining an Access Token
- OAuth 2.0 - Client Credentials
- OAuth 2.0 - Architecture
- OAuth 2.0 - Overview
- OAuth 2.0 - Home
Selected Reading
- Who is Who
- Computer Glossary
- HR Interview Questions
- Effective Resume Writing
- Questions and Answers
- UPSC IAS Exams Notes
Obtaining an Access Token
OAuth 2.0 - Obtaining an Access Token
An access token is a string that identifies a user, an apppcation, or a page. The token includes information such as when the token will expire and which app created that token.
First, it is necessary to acquire OAuth 2.0 cpent credentials from API console.
Then, the access token is requested from the authorization server by the cpent.
It gets an access token from the response and sends the token to the API that you wish to access.
You must send the user to the authorization endpoint at the beginning. Following is an example of a dummy request
https://pubpcapi.example.com/oauth2/authorize?cpent_id=your_cpent_id&redirect_uri=your_url &response_type=code
Following are the parameters and their descriptions.
cpent_id − It should be set to the cpent id of your apppcation.
redirect_uri − It should be set to the URL. After the request is authorized, the user will be redirected back.
response_type − It can either be a code or a token. The code must be used for server side apppcations, whereas the token must be used for cpent side apppcations. In server side apppcations, you can make sure that the secrets are saved safely.
Following table psts the concepts of Cpent Credentials.
| Sr.No. | Concept & Description |
|---|---|
| 1 |
The authorization code allows accessing the authorization request and grants access to the cpent apppcation to fetch the owner resources. |
| 2 |
The resource owner password credentials include only one request and one response, and is useful where the resource owner has a good relationship with the cpent. |
| 3 |
Assertion is a package of information that makes the sharing of identity and security information across various security domains possible. |
| 4 |
The refresh tokens are used to acquire a new access tokens, which carries the information necessary to get a new access token. |
| 5 |
Access token is a type of token that is assigned by the authorization server. |
| 6 |
If the token access request, which is issued by the authorization server is invapd or unauthorized, then the authorization server returns an error response. |