2. 3 Legged OAuth
Developer-App
End-User
(resource owner)
OAuth Provider
1. Developer Registers & Obtains
application credentials to be used
by the App.
2. Interacts with the App & intends
to use resources from a third-
party, OAuth-Provider
3. Application redirects the user to
the OAuth Provider site
3. 3 Legged OAuth
Developer-App
End-User
(resource owner)
OAuth Provider
6. Application exchange Auth code
for Access token
5. Auth Code is generated and
returned to the App via a redirect
4. User completes authentication
& provides consent with a defined
scope
4. 3 Legged OAuth
Developer-App
End-User
(resource owner)
OAuth Provider
7. Access end-user resources
within the scope defined by the
consent using Access Token
8. Renew the access token without
requiring user consent again using
a Refresh Token
9. View, manage, revoke consent
From the access token Oauth
Provider can resolve the user
and return user specific
resources.
In the demo we will return
Movie Recommendation