Introduction to OAuth
  • 29 Nov 2019


OAuth is an open standard for authorization. It gives client applications ‘secure delegated access’ to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials.

The technical specification of OAuth is given in the standard RFC 6749. This guide gives a simple, non-technical description.

Authorization endpoint

This endpoint ensures that the user is logged in and has authorized access to the desired resource. It returns an authorization code as per the OAuth specification. If the user is not already logged in, she will be presented with the same GUI as the loginUrl.

Authorization code

The authorization code is provided by the authorization endpoint and is used with the token endpoint to get an access token.

Token endpoint

The token endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token. The token endpoint is used with every authorization grant except for the implicit grant type (since an access token is issued directly). See the OAuth specification.

Access token

The access token is provided by the token endpoint and is required in order to access the ConnectID APIs.