OAuth 2.0 Flows

I have been reviewing and practicing creating various flow diagrams. Here are a few notes to consider as you are practicing them for the CTA exam.

  • In OAuth 2.0 you have four actors (the spec calls them roles)
    • Client (the application that wants access to a protected resource)
    • Resource owner (the user, or system, who can grant that access)
    • Authorization server (authenticates the resource owner, obtains authorization and issues access tokens)
    • Resource server (hosts the protected resource and accepts access tokens)
  • The abstract protocol flow has 6 steps (the same six steps apply whichever grant type is used)
    1. (client) sends an authorization request to (resource owner)
    2. (resource owner) grants authorization to (client), in the form of an authorization grant
    3. (client) sends the authorization grant to (auth server)
    4. (auth server) authenticates the client, validates the grant and sends back an access token to (client)
    5. (client) sends the access token to (resource server)
    6. (resource server) validates the token and provides the protected resource to (client)
  • OAuth 2.0 defines 4 grant types, one per use case:
    • Authorization code grant flow (used by most web server applications; the client secret stays on the server and the access token never passes through the user's browser)
    • Implicit grant flow (used by public clients such as browser-based JavaScript apps that cannot keep a client secret; the token is returned directly in the redirect, which exposes it to the browser, so current guidance is to use the authorization code flow instead)
    • Resource owner password credentials grant flow (used when the resource owner's username and password are entered directly into the client; mostly for migrated legacy applications, since the client then handles the user's credentials itself)
    • Client credentials grant flow (used by service APIs, or by a client acting on its own behalf rather than on behalf of a user)
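
The six steps above, walked through end to end with the authorization code grant, as an added example that is not part of the original post. It is an in-memory simulation with no HTTP: the authorization server, resource server and client are plain Python classes, and every client_id, secret, URL and scope is a constructed placeholder. It also shows the checks a practitioner expects at each step: the client binds the redirect to a random state value, the server issues a short-lived single-use code tied to the client and redirect_uri, and the resource server rejects tokens that are missing, unknown or lack the required scope.

```python
# Added example (not from the original post): the six OAuth 2.0 protocol steps
# simulated in memory with the authorization code grant. All identifiers, URLs
# and TTL values are constructed placeholders.
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

CODE_TTL = 60       # seconds an authorization code stays valid (assumed value)
TOKEN_TTL = 3600    # seconds an access token stays valid (assumed value)


def _query(url):
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


class AuthorizationServer:
    def __init__(self):
        self.clients = {}   # client_id -> {"secret", "redirect_uri"}
        self.codes = {}     # code -> grant record
        self.tokens = {}    # access_token -> token record

    def register_client(self, client_id, client_secret, redirect_uri):
        self.clients[client_id] = {"secret": client_secret, "redirect_uri": redirect_uri}

    def authorize(self, auth_url, owner_consents):
        """Steps 1-2: the request reaches the resource owner; the owner grants or denies."""
        p = _query(auth_url)
        client = self.clients.get(p.get("client_id"))
        # Exact redirect_uri match, otherwise a code could be sent to an attacker's URL.
        if client is None or client["redirect_uri"] != p.get("redirect_uri"):
            raise ValueError("unknown client or redirect_uri mismatch")
        if p.get("response_type") != "code":
            raise ValueError("unsupported_response_type")
        if not owner_consents:
            return client["redirect_uri"] + "?" + urlencode(
                {"error": "access_denied", "state": p.get("state", "")})
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": p["client_id"], "redirect_uri": p["redirect_uri"],
                            "scope": p.get("scope", ""), "expires": time.time() + CODE_TTL,
                            "used": False}
        return client["redirect_uri"] + "?" + urlencode({"code": code, "state": p.get("state", "")})

    def token(self, client_id, client_secret, code, redirect_uri):
        """Steps 3-4: the client presents the grant (the code) and receives a token."""
        client = self.clients.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            raise ValueError("invalid_client")
        rec = self.codes.get(code)
        # Single use, short-lived, bound to the client and redirect_uri that obtained it.
        if (rec is None or rec["used"] or rec["expires"] < time.time()
                or rec["client_id"] != client_id or rec["redirect_uri"] != redirect_uri):
            raise ValueError("invalid_grant")
        rec["used"] = True
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"client_id": client_id, "scope": rec["scope"],
                              "expires": time.time() + TOKEN_TTL}
        return {"access_token": token, "token_type": "Bearer",
                "expires_in": TOKEN_TTL, "scope": rec["scope"]}

    def introspect(self, token):
        info = self.tokens.get(token)
        return None if info is None or info["expires"] < time.time() else info


class ResourceServer:
    """Steps 5-6: validates the bearer token, then serves the protected resource."""
    def __init__(self, auth_server, required_scope):
        self.auth_server, self.required_scope = auth_server, required_scope

    def get_profile(self, authorization_header):
        scheme, _, token = (authorization_header or "").partition(" ")
        info = self.auth_server.introspect(token) if scheme == "Bearer" else None
        if info is None:
            return 401, {"error": "invalid_token"}
        if self.required_scope not in info["scope"].split():
            return 403, {"error": "insufficient_scope"}
        return 200, {"owner": "alice", "client": info["client_id"]}  # constructed payload


class Client:
    """A confidential web-server client that can keep its client secret."""
    def __init__(self, client_id, client_secret, redirect_uri, auth_endpoint):
        self.client_id, self.client_secret = client_id, client_secret
        self.redirect_uri, self.auth_endpoint = redirect_uri, auth_endpoint
        self.pending_state = None

    def authorization_request(self, scope):
        """Step 1: the URL the resource owner's browser is sent to."""
        self.pending_state = secrets.token_urlsafe(16)   # binds the redirect to this session
        return self.auth_endpoint + "?" + urlencode({
            "response_type": "code", "client_id": self.client_id,
            "redirect_uri": self.redirect_uri, "scope": scope, "state": self.pending_state})

    def handle_redirect(self, redirect_url):
        """Step 2, client side: accept the code only if state matches what was sent."""
        p = _query(redirect_url)
        if self.pending_state is None or not secrets.compare_digest(
                p.get("state", ""), self.pending_state):
            raise ValueError("state mismatch: possible CSRF or injected code")
        self.pending_state = None
        if "error" in p:
            raise PermissionError(p["error"])
        return p["code"]


def run_authorization_code_flow(owner_consents=True):
    """Runs all six steps and returns the resource server's response plus the server."""
    auth = AuthorizationServer()
    auth.register_client("web-app", "s3cret", "https://app.example/callback")
    rs = ResourceServer(auth, required_scope="read:profile")
    client = Client("web-app", "s3cret", "https://app.example/callback",
                    "https://auth.example/authorize")
    url = client.authorization_request("read:profile")              # step 1
    code = client.handle_redirect(auth.authorize(url, owner_consents))  # step 2
    tok = auth.token("web-app", "s3cret", code, "https://app.example/callback")  # steps 3-4
    status, body = rs.get_profile("Bearer " + tok["access_token"])  # steps 5-6
    return {"status": status, "body": body, "code": code, "server": auth}
```

Calling run_authorization_code_flow() returns status 200 with the constructed profile; calling the token endpoint a second time with the same code raises invalid_grant, and a denied consent surfaces as a PermissionError at the client's redirect handler rather than as a token. Mapping this onto the other grant types is mostly a change to step 2: the implicit flow returns the token in the redirect instead of a code, the password flow sends the owner's username and password as the grant, and the client credentials flow skips the resource owner entirely and presents only the client's own credentials.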
