Hello, as you already know, I’m Kindson The Genius and I’m here to help you understand tech concepts very easily. Let me know what you would like to learn.
Today I will just outline the OAuth 2.0 Authorization Process, that is, the steps and the flow diagram. Not much detail, though.
OAuth 2.0 Authorization Steps
Step 1: User visits a website, e.g. kindsonthegenius.blogspot.com (App)
Step 2: App asks the user for authentication through Facebook
Step 3: A consent screen is displayed to the user and the user agrees to allow access
Step 4: IdP sends a code to the user (IdP stands for Identity Provider)
Step 5: User sends the code to the App via a redirect link
Step 6: App requests an access token from the IdP using the code it has received
Step 7: The IdP checks that the access code is valid and then sends the access token to the App.
Step 8: App then requests access to restricted resources in the resource server by presenting its access token.
Step 9: Resource server checks with the IdP to make sure access token is valid and then grants access to the resources.
- The flow may have some variations depending on the particular implementation.
- The IdP is also known as the Authorization Server.
- The IdP and the Resource Server are sometimes in the same place.
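The steps above can be traced in a small in-memory simulation. This is an added example, not code from the original post: the class and function names are hypothetical, and the code lifetime, single-use rule and binding of the code to a client ID and redirect URI are assumptions of this sketch that the outline does not spell out (client authentication at the token endpoint is left out).

```python
import secrets
import time

class IdP:
    """In-memory Authorization Server (IdP): issues codes and tokens."""
    def __init__(self, code_ttl=60):
        self.code_ttl = code_ttl
        self.codes = {}    # code -> (client_id, redirect_uri, user, expiry)
        self.tokens = {}   # access token -> user

    def authorize(self, client_id, redirect_uri, user, consent):
        # Steps 3-4: a code is issued only after the user consents.
        if not consent:
            raise PermissionError("user denied consent")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri, user, time.time() + self.code_ttl)
        return code

    def exchange(self, code, client_id, redirect_uri):
        # Step 7: the code must exist, be unexpired, and match the client
        # and redirect URI it was issued for. pop() makes it single-use.
        entry = self.codes.pop(code, None)
        if entry is None:
            raise ValueError("unknown or already used code")
        cid, uri, user, expiry = entry
        if (cid, uri) != (client_id, redirect_uri) or time.time() > expiry:
            raise ValueError("code not valid for this request")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = user
        return token

    def introspect(self, token):
        # Step 9: the resource server asks the IdP whether a token is valid.
        return self.tokens.get(token)

class ResourceServer:
    def __init__(self, idp):
        self.idp = idp

    def get_profile(self, token):
        user = self.idp.introspect(token)
        if user is None:
            raise PermissionError("invalid access token")
        return {"user": user, "resource": "restricted profile data"}

def run_flow(idp, rs, client_id, redirect_uri, user):
    code = idp.authorize(client_id, redirect_uri, user, consent=True)  # steps 2-4
    token = idp.exchange(code, client_id, redirect_uri)                # steps 5-7
    return code, token, rs.get_profile(token)                          # steps 8-9
```

Presenting the same code a second time, or a token the IdP never issued, is rejected at step 7 and step 9 respectively.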
Find more details here: What is OAuth and OpenID?
Video explanation: Video explanation