OAuth 2 explained theory

By -

What is OAuth2

This protocol allows third-party applications to grant limited access to an HTTP service, either on behalf of a resource owner or by allowing the third-party application to obtain access on its own behalf. Access is requested by a client, it can be a website or a mobile application for example.


Roles
The Third-Party Application: "Client"

The client is the application that is attempting to get access to the user's account. It needs to get permission from the user before it can do so.

The API: "Resource Server"

The resource server is the API server used to access the user's information.

The Authorization Server

This is the server that presents the interface where the user approves or denies the request. In smaller implementations, this may be the same server as the API server, but larger scale deployments will often build this as a separate component.

The User: "Resource Owner"

The resource owner is the person who is giving access to some portion of their account.

Request details for a client application to access token .
Send a request to Google's OAuth 2.0 server.

o obtain user authorization, send a request to Google's authorization server at https://accounts.google.com/o/oauth2/v2/auth. This endpoint handles active session lookup, authenticates the user, and obtains user consent. The endpoint is only accessible over SSL, and it refuses HTTP (non-SSL) connections.

The authorization server supports the following query string parameters for installed applications:
client_id

redirect_uri -Required. Determines how Google's authorization server sends a response to your app. There are several redirect options available to installed apps, and you will have set up your authorization credentials with a particular redirect method in mind.

Sample url

https://accounts.google.com/o/oauth2/v2/auth?
 scope=email%20profile&
 response_type=code&
 state=security_token%3D138r5719ru3e1%26url%3Dhttps://oauth2.example.com/token&
 redirect_uri=com.example.app:/oauth2redirect&
 client_id=client_id





Exchange authorization code for refresh and access tokens






codeThe authorization code returned from the initial request.


client_idThe client ID obtained from the API Console.


client_secretThe client secret obtained from the API Console. This value is not needed for clients registered as Android, iOS, or Chrome applications.


redirect_uriOne of the redirect URIs listed for your project in the API Console.


grant_typeAs defined in the OAuth 2.0 specification, this field must contain a value of authorization_code




POST /oauth2/v4/token HTTP/1.1
Host: www.googleapis.com
Content-Type: application/x-www-form-urlencoded

code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7&
client_id=your_client_id&
client_secret=your_client_secret&
redirect_uri=https://oauth2.example.com/code&
grant_type=authorization_code

Comments

Post a Comment

Popular posts from this blog

JPA JPQL advantages and disadvantage

By -
Image
wrong side with this JPQL query content belongs to ibm developer site highly thanks to them for basic and detailed explanation- https://www.ibm.com/developerworks/library/j-typesafejpa/ The Java developer community has welcomed JPA since its introduction in 2006. The next major update of the specification — version 2.0 (JSR 317) — will be finalized later in 2009 (see  Resources ). One of the key features introduced in JPA 2.0 is the Criteria API, which brings a unique capability to the Java language: a way to develop queries that a Java compiler can verify for correctness at compile time. The Criteria API also includes mechanisms for building queries dynamically at run time. This article introduces the Criteria API and the closely associated  metamodel  concept. You will learn how to use the Criteria API to develop queries that a Java compiler can check for correctness to reduce run-time errors, in contrast to string-based Java Persistence Query Language (JPQ...
Read more
By -
Enum , Strategy pattern, Open/close principle -  Strategy design pattern - is based upon open closed design principle, the 'O' of famous SOLID design principles.  Strategy pattern allows to encapsulate possible changes in a process and encapsulate that in a Strategy class. By doing that your process (mainly a method) depends upon a strategy, higher level of abstraction than implementation. This makes your process open for extension by providing new Strategy implementation, but closed for modification, because the introduction of a new strategy doesn't require a change in a tested method. That's how it confirms open closed design principle.Strategy pattern is one of the famous pattern, which takes advantage of polymorphism, to remove switch cases and strive for open close design principle. Formally it encapsulate related algorithm, known as strategy and make them interchangeable. open/closed principle - In object-oriented programming, the open/closed principle s...
Read more

Java8 Collectors mapping and joining function usages

By -
1.         What is annotation in java? Writing custom annotations and internal working of annotations. 2.         What is Generics in java? Wildcards in generics and writing the custom Generic class (Generic Use) 3.         What are the different collections you have used in your previous projects? Internal working of HashMap, TreeMap and PriorityQueue. 4.         What are Fail-Safe and Fail-Fast mechanism of iterators? 5.         What is volatile and differences between Atomic Classes (AtomicInteger, AtomicDouble) and volatile. 6.         What is Lock interface and its implementation and how lock is different from synchronized keyword. 7.         What are the blocked collections in java? 8.         Differences ...
Read more