jordifebrer/oauth2.md

Last active October 24, 2023 07:59

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/jordifebrer/909f9cb3af61eaff90a5c382e7a6f206.js"></script>
Save jordifebrer/909f9cb3af61eaff90a5c382e7a6f206 to your computer and use it in GitHub Desktop.

Simplified OAuth 2 workflow for dummies (me!)

Raw

Simplified OAuth 2 workflow for dummies (me!)

A user wants profile data from an app.

User makes a request to a client (website, mobile app, etc).
Client (may) redirect the user to auth server login form.
User logs into the auth server.
Auth server validates previous credentials and returns an access token to the client.
Client sends the access token to the app.
App asks to the auth server if the token is valid.
Auth server validates the token and returns info to the app (TODO complete which kind of information returns, exp date ...)
App provides data to the client.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment