OAuth 2.0

Simple walkthrough of the basic message flow.

Published in: Technology

  1. OAuth 2.0. Andreas Åkre Solberg, UNINETT AS. March 19th, 2013
  2. Authorization code flow. [Diagram: Token storage, Authorization server, Feide, Resource server, Client, Resource owner (with browser); arrows: authenticates, grant, issues token, accessing protected API]
  3. Implicit grant flow. [Diagram: Token storage, Authorization server, Feide, Resource server, browser, Resource owner (with browser); arrows: authenticates, grant, issues token, accessing protected API]
  4. ✤ Authorization Code ✤ Implicit Grant ✤ (Resource Owner Password Credentials) ✤ (Client Credentials)
  5. ✤ Accessing protected API ✤ How do we obtain the token? [Diagram: Token storage, Authorization server, Feide, Resource server, Client, Resource owner (with browser); arrows: authenticates, grant, issues token, accessing protected API]
  6. Authorization Code Flow ✤ Authorization Request ✤ User authenticates ✤ User accepts client grant [Diagram: Token storage, Authorization server, Feide, Resource server, Client, Resource owner (with browser); arrows: authenticates, grant, issues token, accessing protected API]
  7. ✤ Access token request ✤ Access token response [Diagram: Token storage, Authorization server, Feide, Resource server, Client, Resource owner (with browser); arrows: authenticates, grant, issues token, accessing protected API]
  8. Implicit Grant Flow ✤ Authorization Request ✤ User authenticates ✤ User accepts client grant [Diagram: Token storage, Authorization server, Feide, Resource server, browser, Resource owner (with browser); arrows: authenticates, grant, issues token, accessing protected API]
  9. [Diagram: Client storage, Token storage, Client Management, Authorization server, Feide, Resource server, Client, Client owner (with browser), Resource owner (with browser)]
  10. [Diagram: Resource server, UWAP, Token storage, Client storage, Feide, SOA Gatekeeper, Authorization server, Client Management, Client, Client owner]
