OAuth 2.0
PROTOCOL ENDPOINTS

Protocol Endpoints
- AUTHORIZATION SERVER ENDPOINTS
  - Authorization Endpoint
    Used by the client to obtain authorization from the user via the user-agent.
  - Token Endpoint
    Used by the client to exchange an authorization grant for an access token (with client authentication).
- CLIENT ENDPOINTS
  - Redirection Endpoint
    Used by the authorization server to return responses containing authorization credentials to the client via the user-agent.
Authorization Endpoint
- Used to interact with the user to obtain an authorization grant.
- The user is authenticated (usually with a username/password).
- The location of the authorization endpoint is left up to the implementation.
- The URI may contain query components but cannot contain fragment components.
Authorization Endpoint: RESPONSE TYPE
- The client informs the authorization server of the desired grant type:
  - response_type = “code” (to request an authorization code)
  - response_type = “token” (to request an access token)
Authorization Endpoint: REDIRECTION ENDPOINT
- The user is redirected back to the redirection endpoint established during client registration or during the authorization process.
- The redirection endpoint URI must be absolute; it can contain query components but cannot contain fragment components.
- It should require the use of TLS.
- Every client should register its redirection endpoint before using the authorization endpoint; otherwise attackers may use the authorization endpoint as an open redirector.
- Clients can have multiple redirection endpoints, but when they request authorization they must use the “redirect_uri” request parameter. The authorization server must compare the redirect_uri value with the values obtained during client registration.
Authorization Endpoint: REDIRECTION ENDPOINT (Continued)
- In case of a redirect URI error, the user should not be redirected, but should instead receive an error message.
- The redirection endpoint will result in an HTML document, which should not include third-party scripts.
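The redirect_uri and response_type checks described on these slides, written out as an added Python example (not code from the deck). The client registration, the URIs and the authorization code value are constructed sample data; the function names are hypothetical. The point to notice is that a redirect URI that fails any check produces a direct error result rather than a redirect, and that the registered values are compared by exact string match:

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample registration (hypothetical client and URIs, not from the
# deck): one client with two registered redirection endpoints.
REGISTERED_CLIENTS = {
    "client-abc": {
        "redirect_uris": [
            "https://app.example/cb",
            "https://app.example/alt?src=oauth",
        ],
    },
}

# The two response types the deck lists for the authorization endpoint.
ALLOWED_RESPONSE_TYPES = {"code", "token"}


def redirect_uri_is_well_formed(uri):
    """Absolute, TLS only, query allowed, fragment forbidden (even an empty '#')."""
    parts = urlsplit(uri)
    if parts.scheme != "https" or not parts.netloc:
        return False
    if parts.fragment or "#" in uri:
        return False
    return True


def validate_authorization_request(params):
    """Validate the query parameters of an authorization request.

    Returns ("error", reason) when the user must be shown an error page
    directly (never redirected), or ("ok", redirect_uri, response_type)
    when the client, redirect_uri and response_type all check out.
    """
    client = REGISTERED_CLIENTS.get(params.get("client_id"))
    if client is None:
        return ("error", "unknown client_id")

    redirect_uri = params.get("redirect_uri")
    if redirect_uri is None:
        # Omitting redirect_uri is only unambiguous with exactly one registration.
        if len(client["redirect_uris"]) != 1:
            return ("error", "redirect_uri is required: client registered several URIs")
        redirect_uri = client["redirect_uris"][0]

    if not redirect_uri_is_well_formed(redirect_uri):
        return ("error", "redirect_uri must be an absolute https URI without a fragment")

    # Exact string match against the registered values; no prefix or wildcard
    # matching, which is what turns the endpoint into an open redirector.
    if redirect_uri not in client["redirect_uris"]:
        return ("error", "redirect_uri does not match a registered value")

    response_type = params.get("response_type")
    if response_type not in ALLOWED_RESPONSE_TYPES:
        return ("error", "unsupported response_type")

    return ("ok", redirect_uri, response_type)


def append_query(redirect_uri, extra):
    """Add response parameters to a registered URI, keeping the query
    components it already has and never emitting a fragment."""
    parts = urlsplit(redirect_uri)
    query = parse_qsl(parts.query, keep_blank_values=True) + list(extra.items())
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(query), ""))


if __name__ == "__main__":
    request = {"client_id": "client-abc",
               "redirect_uri": "https://app.example/cb",
               "response_type": "code"}
    print(validate_authorization_request(request))
    # "code-111" is a constructed sample authorization code.
    print(append_query("https://app.example/alt?src=oauth", {"code": "code-111"}))
```

The `"#" in uri` test matters because `urlsplit` reports an empty fragment for a URI that ends in a bare `#`, which the slide's rule still forbids. The `append_query` helper shows why the deck allows query components on the registered URI: the server appends its own parameters to whatever query the client registered.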
Token Endpoint
- Used by the client to obtain an access token using an authorization code or a refresh token.
- Not used with the implicit grant type.
- The token endpoint location is up to the implementation.
- The client must use the POST method to request access tokens.
Token Endpoint: CLIENT AUTHENTICATION
- Used for:
  - Enforcing the binding of refresh tokens and authorization codes to the client they were issued to.
  - Recovering from a compromised client by disabling it or changing its credentials, so there is no need to revoke the whole set of refresh tokens.
  - Requiring the rotation of client credentials.
- A client may use the “client_id” request parameter to identify itself when sending requests to the token endpoint.
- A client must send “client_id” in an “authorization_code” grant_type request to the token endpoint.
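An added Python example (not code from the deck) of a token endpoint handler that enforces the points on the last two slides: POST only, client authentication, a mandatory client_id in an authorization_code request, and the binding of each authorization code to the client it was issued to. The client secrets, code values and the in-memory tables are constructed sample data; the handling of a client that presents no credentials at all is an assumption about a client registered without a secret, which the deck does not discuss:

```python
import hmac
import secrets

# Constructed sample data (hypothetical values, not from the deck):
# clients registered with a secret, and authorization codes issued by the
# authorization endpoint, each bound to the client it was issued to.
CLIENT_SECRETS = {
    "client-abc": "secret-abc",
    "client-xyz": "secret-xyz",
}
ISSUED_CODES = {
    "code-111": {"client_id": "client-abc", "used": False},
    "code-222": {"client_id": "client-abc", "used": False},
}


def authenticate_client(client_id, client_secret):
    """Constant-time comparison of the presented secret with the registered one."""
    expected = CLIENT_SECRETS.get(client_id)
    if expected is None or client_secret is None:
        return False
    return hmac.compare_digest(expected.encode(), client_secret.encode())


def token_endpoint(method, form, basic_credentials=None):
    """Handle one token request; returns (http_status, response_body).

    `form` holds the POST body parameters; `basic_credentials` is the
    (client_id, client_secret) pair from HTTP Basic authentication, or None
    when the client sent no credentials.
    """
    if method != "POST":
        return 405, {"error": "invalid_request"}
    if form.get("grant_type") != "authorization_code":
        return 400, {"error": "unsupported_grant_type"}

    if basic_credentials is not None:
        client_id, client_secret = basic_credentials
        if not authenticate_client(client_id, client_secret):
            return 401, {"error": "invalid_client"}
        # A client_id in the body must agree with the authenticated identity.
        if form.get("client_id") not in (None, client_id):
            return 400, {"error": "invalid_request"}
    else:
        # No credentials: client_id is mandatory in an authorization_code
        # request so the code can still be checked against its owner.
        client_id = form.get("client_id")
        if client_id is None:
            return 400, {"error": "invalid_request"}
        # Assumption: a client registered with a secret must always use it.
        if client_id in CLIENT_SECRETS:
            return 401, {"error": "invalid_client"}

    code = ISSUED_CODES.get(form.get("code"))
    # Unknown, replayed and foreign codes all get the same error, so the
    # response does not reveal which check failed.
    if code is None or code["used"] or code["client_id"] != client_id:
        return 400, {"error": "invalid_grant"}
    code["used"] = True  # an authorization code is single use

    return 200, {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}


if __name__ == "__main__":
    body = {"grant_type": "authorization_code", "code": "code-222"}
    print(token_endpoint("POST", body, ("client-abc", "secret-abc")))
    print(token_endpoint("POST", body, ("client-abc", "secret-abc")))  # replay
```

The ownership check `code["client_id"] != client_id` is the "binding of authorization codes to the client" from the slide: an authenticated client-xyz presenting a code issued to client-abc is refused, and marking the code used on success closes replay of the same code.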
Access Token Scope
- The client requests a certain scope with the “scope” request parameter, and the authorization server responds with the authorized scope in the “scope” response parameter. The authorization server may grant the full requested scope or limit it according to its policies.
- If the client doesn't send a “scope” parameter, the server should use a default value.
- Scope values are expressed as a list of space-delimited, case-sensitive strings whose order doesn't matter.
- The strings are defined by the authorization server.
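The scope rules on this slide as an added Python example (not code from the deck): parsing the space-delimited, case-sensitive list, applying a default when the parameter is absent, narrowing the request according to a per-client policy, and serialising the granted set back into the response parameter. The scope names and the client policy are constructed sample data and the function names are hypothetical; the per-token character check goes slightly beyond the slide and follows the scope-token character set of RFC 6749:

```python
# Constructed sample policy (hypothetical scope names, not from the deck).
SUPPORTED_SCOPES = frozenset({"profile", "email", "files:read", "files:write"})
DEFAULT_SCOPE = frozenset({"profile"})  # applied when the client sends no scope
CLIENT_POLICY = {
    # The most each client may ever be granted, whatever it asks for.
    "client-abc": frozenset({"profile", "email", "files:read"}),
}


def parse_scope(value):
    """Split a scope parameter into a set of case-sensitive tokens.

    Returns None when the parameter was absent. Raises ValueError for a
    present-but-empty value, a doubled delimiter, or a token containing a
    character outside the RFC 6749 scope-token set (printable ASCII except
    space, double quote and backslash).
    """
    if value is None:
        return None
    tokens = value.split(" ")
    if any(t == "" for t in tokens):
        raise ValueError("malformed scope: empty token")
    for t in tokens:
        if any(ch in '"\\' or not 0x21 <= ord(ch) <= 0x7E for ch in t):
            raise ValueError("malformed scope token: %r" % t)
    return frozenset(tokens)  # order carries no meaning, so a set is the right type


def resolve_scope(client_id, requested):
    """Decide the granted scope. Returns (granted_set, None) or (None, error)."""
    try:
        wanted = parse_scope(requested)
    except ValueError:
        return None, "invalid_scope"
    if wanted is None:
        wanted = DEFAULT_SCOPE

    # Case-sensitive membership: "Email" is not "email".
    if not wanted <= SUPPORTED_SCOPES:
        return None, "invalid_scope"

    # Limit according to policy instead of granting everything requested.
    granted = wanted & CLIENT_POLICY.get(client_id, frozenset())
    if not granted:
        return None, "invalid_scope"
    return granted, None


def scope_response_param(granted):
    """Serialise the granted set into the space-delimited 'scope' response
    parameter; sorting is cosmetic, since order carries no meaning."""
    return " ".join(sorted(granted))


if __name__ == "__main__":
    granted, err = resolve_scope("client-abc", "files:write email profile")
    print(granted, err)                      # files:write dropped by policy
    print(scope_response_param(granted))
    print(resolve_scope("client-abc", None))  # default scope applied
```

Because the granted set can be narrower than the request, the server must always echo the `scope` response parameter in that case; a client that assumes it received what it asked for will fail later at the resource server.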