OAuth 2.0 Identity and Access Management Patterns by Martin Spasovski

Chapter 4. OAuth for Web Server Applications

Have you ever signed into a website via Facebook, LinkedIn, or Google? For example, have you visited a news website, wanted to leave a comment on an article, and, instead of creating an account there, simply signed in by clicking a button and choosing "Approve" in Facebook?

This is just one of the many examples where OAuth 2.0 is used successfully and on a massive scale. This kind of flow (the redirecting between the website and Facebook and back) is based on the authorization code grant, probably the most frequently used OAuth 2.0 grant.

Tip

In the OAuth 2.0 authorization framework specification (RFC 6749), this grant is defined in Section 4.1.

Authorization code grant

We can notice the following characteristics ...
