OAuth 2.0 - Accessing a Protected Resource
The client provides an access token to the resource server to access protected resources. The resource server must validate and verify that the access token is valid and has not expired.
There are two standard ways of sending credentials −
Bearer Token − The access token is placed in the Authorization HTTP header; the POST request body or a GET URL parameter can only be used as a fallback option.
They are included in the authorization header as follows −
Authorization: Bearer [token-value]
For Example −
GET /resource/1 HTTP/1.1
Host: example.com
Authorization: Bearer abc...
MAC − A cryptographic Message Authentication Code (MAC) is computed over elements of the request and sent in the Authorization header. Upon receiving the request, the MAC is recomputed and compared by the resource owner.
The following table shows the concepts of accessing protected resource.
Sr.No. | Concept & Description |
---|---|
1 | It is used to get the authorization code token for accessing the owner resources in the system. |
2 | The resource server includes the "WWW-Authenticate" response header field, if the protected resource request contains an invalid access token. |
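
The resource-server side of the checks described above, as an added example that is not part of the original tutorial: it parses the Authorization header, rejects unknown or expired tokens, and builds the "WWW-Authenticate" response header. The names `TOKENS`, `authorize`, `challenge`, the realm `example` and the sample token values are assumptions made for illustration; the `invalid_request` and `invalid_token` error codes are the ones RFC 6750 defines for bearer tokens.

```python
import hashlib
import time

def _digest(token):
    # Store and look up tokens by hash so raw token values are not kept server-side.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()

# Constructed sample store (assumption): token digest -> expiry in epoch seconds.
TOKENS = {
    _digest("tok-valid-123"): 2_000_000_000,
    _digest("tok-expired-456"): 1_000_000_000,
}

def challenge(error=None, description=None, realm="example"):
    """Build a WWW-Authenticate header value for the Bearer scheme."""
    parts = [f'realm="{realm}"']
    if error:
        parts.append(f'error="{error}"')
    if description:
        parts.append(f'error_description="{description}"')
    return "Bearer " + ", ".join(parts)

def authorize(headers, now=None):
    """Return (status, response_headers) for a protected-resource request."""
    now = time.time() if now is None else now
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer":
        # No Bearer credentials presented: bare challenge, no error code.
        return 401, {"WWW-Authenticate": challenge()}
    token = token.strip()
    if not token or " " in token:
        return 400, {"WWW-Authenticate": challenge("invalid_request", "Malformed bearer token")}
    expires_at = TOKENS.get(_digest(token))
    if expires_at is None:
        return 401, {"WWW-Authenticate": challenge("invalid_token", "Unknown access token")}
    if now >= expires_at:
        return 401, {"WWW-Authenticate": challenge("invalid_token", "The access token expired")}
    return 200, {}

if __name__ == "__main__":
    NOW = 1_700_000_000  # fixed clock so the sample output is reproducible
    for value in ("Bearer tok-valid-123", "Bearer tok-expired-456", "Bearer nope", None):
        hdrs = {} if value is None else {"Authorization": value}
        print(value, "->", authorize(hdrs, now=NOW))
```
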