OAuth 2.0 - Obtaining End-User Authorization
The authorization endpoints are the URLs at which an authentication request is made to the authorization server, where the resource owner logs in and permits the client application to access the data. For instance, the address of a JSP page, PHP page, etc.
End-user authorization can be described as shown in the following diagram.
The authorization endpoint can be defined in three ways −
- Authorization Endpoint
- Redirection Endpoint
- Token Endpoint
Authorization Endpoint
The authorization endpoint is used to interact with the resource owner, who grants authorization to access the resource owner's resources.
First, the user accesses the resources of the resource owner by using the client application. The client application is provided with the client id and client password when registering the redirect URI (Uniform Resource Identifier).
Next, the user logs in via the client application on the authorization server, which contains the authorization endpoint.
The authorization endpoint redirects the user to the redirect URI (Uniform Resource Identifier) along with the authentication code.
Redirect Endpoint
The user accesses the page located at the redirect URI (Uniform Resource Identifier) in the client application.
The client application provides the client id, client password and authentication code to the authorization server.
Token Endpoint
At this point, the client application exchanges the client id, client password and authorization code for an access token.
The client application sends these credentials to the user along with the token. Once the user receives the token, it can be sent to the resources being accessed, such as Facebook, Google, etc., to access the resources in the system related to the logged-in users.
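The exchange across the three endpoints described above, as an added Python example that is not part of the original tutorial. The client id, client password, URIs and user name are constructed values, in-memory dictionaries stand in for the authorization server's storage, and the `state` parameter comes from the OAuth 2.0 specification (RFC 6749) rather than from this page.

```python
import hmac, secrets, time
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed registration data: client id -> (client password, registered redirect URI)
CLIENTS = {"demo-client": ("demo-password", "https://client.example/callback")}
CODES = {}      # authorization code -> (client_id, redirect_uri, user, expiry time)
CODE_TTL = 60   # seconds; codes are short-lived and single-use

def authorization_endpoint(client_id, redirect_uri, state, user):
    """Resource owner `user` has logged in and approved; build the redirect URL."""
    registered = CLIENTS.get(client_id)
    # Exact match against the registered URI, so the code cannot be sent elsewhere.
    if registered is None or redirect_uri != registered[1]:
        raise ValueError("unknown client or unregistered redirect URI")
    code = secrets.token_urlsafe(32)
    CODES[code] = (client_id, redirect_uri, user, time.time() + CODE_TTL)
    return redirect_uri + "?" + urlencode({"code": code, "state": state})

def token_endpoint(client_id, client_password, code, redirect_uri):
    """Exchange client id, client password and code for an access token."""
    registered = CLIENTS.get(client_id)
    if registered is None or not hmac.compare_digest(
            registered[0].encode(), client_password.encode()):  # constant-time compare
        raise PermissionError("invalid_client")
    grant = CODES.pop(code, None)   # pop: a code can be redeemed only once
    if (grant is None or grant[0] != client_id
            or grant[1] != redirect_uri or grant[3] < time.time()):
        raise PermissionError("invalid_grant")
    # "user" is included only so the example can show whom the token belongs to.
    return {"access_token": secrets.token_urlsafe(32),
            "token_type": "Bearer", "user": grant[2]}

def redirect_endpoint(callback_url, expected_state):
    """Client side: the page at the redirect URI extracts the code and redeems it."""
    params = parse_qs(urlparse(callback_url).query)
    if params.get("state", [""])[0] != expected_state:  # response must match our request
        raise PermissionError("state mismatch")
    password, uri = CLIENTS["demo-client"]
    return token_endpoint("demo-client", password, params["code"][0], uri)

def run_flow():
    """Run authorization endpoint -> redirect endpoint -> token endpoint once."""
    state = secrets.token_urlsafe(16)
    url = authorization_endpoint("demo-client", "https://client.example/callback", state, "alice")
    return url, state, redirect_endpoint(url, state)

if __name__ == "__main__":
    url, _, token = run_flow()
    print(url.split("?")[0], token["token_type"], token["user"])
```

The token endpoint rejects a code that is replayed, expired, or presented by a different client or with a different redirect URI than the one it was issued for.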