August 2018
Once a user is authenticated and the identity token and authorization code are returned, the client application can send a token request to the token endpoint in order to receive an access token. The token request should include the client ID, the client secret, and the authorization code.
An access token is then returned from the authorization server. Access tokens are not required to be JWTs, but the JWT format is commonly used. Access tokens can be revoked, scoped, and time-limited, providing flexibility for authorization.
The application can then use the access token to request the resource from the resource server on behalf of the user. The resource server validates the access token and responds ...
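The following added example (not code from the book) shows one way a resource server could validate a JWT access token and enforce the three properties named above: expiry, revocation, and scope. It assumes an HS256 token signed with a key shared between the authorization server and the resource server, a `jti` claim used as the revocation handle, and a space-separated `scope` claim; the function names and sample values are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(key: bytes, sub: str, scope: str, ttl: int, jti: str, now: float) -> str:
    """Authorization-server side: sign an HS256 JWT access token."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": sub, "scope": scope, "jti": jti, "exp": int(now) + ttl}
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def validate_token(token: str, key: bytes, required_scope: str, revoked: set, now: float) -> dict:
    """Resource-server side: return the claims, or raise ValueError with the reason."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except Exception:
        raise ValueError("malformed token")
    # Pin the algorithm; never let the token choose it (rejects "alg": "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))  # trusted only after the signature check
    if now >= claims.get("exp", 0):                  # time-limited
        raise ValueError("expired")
    if claims.get("jti") in revoked:                 # revocable
        raise ValueError("revoked")
    if required_scope not in claims.get("scope", "").split():  # scoped
        raise ValueError("insufficient scope")
    return claims

if __name__ == "__main__":
    demo_key = b"constructed-demo-key"  # constructed sample value
    tok = issue_token(demo_key, "alice", "read:orders", 300, "tok-1", time.time())
    print(validate_token(tok, demo_key, "read:orders", set(), time.time()))
```

Because a signed JWT remains valid until it expires, the revocation check needs server-side state (here, the `revoked` set), which is why short token lifetimes are usually paired with it.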