I have been reviewing and practicing creating various flow diagrams. Here are a few notes to consider as you are practicing them for the CTA exam.
- In OAuth 2.0 you have four actors:
  - Client
  - Resource owner
  - Authorization server
  - Resource server
- The abstract protocol flow has 6 steps:
  - (client) sends an authorization request to (resource owner)
  - (resource owner) grants authorization to (client)
  - (client) sends the authorization grant to (auth server)
  - (auth server) sends back the token to (client)
  - (client) sends the token to (resource server)
  - (resource server) provides a protected resource to (client)
- OAuth 2.0 supports 4 use cases (grant types):
  - Authorization code grant flow (used by most web server applications)
  - Implicit grant flow (used by clients, such as devices, that are not able to store credentials)
  - Resource owner password credentials grant flow (used when the resource owner's user name and password are entered directly into the client; mostly migrated applications)
  - Client credentials grant flow (used by service APIs, or to give service providers access on behalf of themselves)
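To tie the six steps above to the authorization code grant, here is an added in-memory model (my own example code, not from the original notes or any OAuth library): the authorization server issues a single-use code bound to the client and redirect URI, exchanges it for a token after checking the client's credentials, and the resource server serves data only for tokens that server issued. The client id, secret, redirect URI and user data are constructed placeholders.

```python
import secrets

# Constructed data (hypothetical client and user; no real provider involved).
CLIENTS = {"app1": ("s3cret", "https://app.example/cb")}  # id -> (secret, redirect)
PROTECTED = {"alice": "alice's contacts"}                   # resource server data
CODES = {}   # auth server state: code -> (client_id, redirect_uri, user)
TOKENS = {}  # auth server state: access_token -> user


def authorize(client_id, redirect_uri, user):
    # Steps 1-2: the resource owner grants the client's request and the auth
    # server returns a short-lived, single-use code bound to client and URI.
    if CLIENTS.get(client_id, (None, None))[1] != redirect_uri:
        raise ValueError("unknown client or redirect_uri mismatch")
    code = secrets.token_urlsafe(16)
    CODES[code] = (client_id, redirect_uri, user)
    return code


def exchange_code(client_id, client_secret, code, redirect_uri):
    # Steps 3-4: the client sends the code to the auth server, which checks
    # the client's credentials and that the code is unused and bound to them.
    secret = CLIENTS.get(client_id, (None, None))[0]
    if secret is None or not secrets.compare_digest(secret, client_secret):
        raise PermissionError("bad client credentials")
    bound = CODES.pop(code, None)  # pop: a replayed code is rejected
    if bound is None or bound[:2] != (client_id, redirect_uri):
        raise PermissionError("invalid, reused, or mismatched code")
    token = secrets.token_urlsafe(24)
    TOKENS[token] = bound[2]
    return token


def get_resource(access_token):
    # Steps 5-6: the client presents the token; the resource server serves
    # data only for tokens the authorization server actually issued.
    user = TOKENS.get(access_token)
    if user is None:
        raise PermissionError("invalid or unknown token")
    return PROTECTED[user]


def run_authorization_code_flow():
    """Run the six steps once; returns (resource, replay_rejected)."""
    code = authorize("app1", "https://app.example/cb", "alice")
    token = exchange_code("app1", "s3cret", code, "https://app.example/cb")
    resource = get_resource(token)
    try:  # redeeming the same code a second time must fail
        exchange_code("app1", "s3cret", code, "https://app.example/cb")
        return resource, False
    except PermissionError:
        return resource, True
```

The replay check at the end is the point to remember for the exam: an authorization code is consumed on first use, so the token endpoint rejects it the second time.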