Understanding authorization and OAuth2 schemes

As we now understand, proving a correct identity is authentication, and allowing a specific action by authenticated users is authorization. In this section, we will give a brief overview of OAuth, an industry-standard protocol for authorization, along with a few authorization schemes. When we mention OAuth in this section, we mean OAuth 2.0 from the IETF OAuth Working Group (https://tools.ietf.org/wg/oauth/), which focuses on client-developer simplicity (a RESTful principle) while providing specific authorization flows for various application use cases such as desktop applications, web applications, mobile phones, and even IoT-enabled living room devices.

Before we move on to OAuth 2.0 schemes, let's understand ...
