password grant type
the client sends the user's ID and password, along with the client's own credentials (client1, secret1)
authorization_code grant type
now we can avoid sharing the user's credentials with the client
the client tries to get authorization from the user
the client redirects the user to the authentication server -> the user logs in
the authentication server now knows who the user is -> it asks whether you are going to allow client2 to use your resources -> approval is granted
the authentication server redirects to the given redirect URL with an authorization_code
with the given authorization_code, the client calls the authentication server to get the actual access token
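The authorization_code steps above as a small in-memory simulation. This is an added example, not code from the lesson: the AuthServer class, the client2/secret2 credentials, the user alice and the example.com-style URLs are all constructed for illustration. It shows the two checks that make the code safe to pass through a redirect: it is bound to the client and redirect URL, and it can be redeemed only once.

```python
import secrets

class AuthServer:
    """Toy in-memory authentication server (constructed for illustration)."""
    def __init__(self, clients, users):
        self.clients = clients   # client_id -> (secret, registered redirect_uri)
        self.users = users       # username -> password
        self.codes = {}          # authorization_code -> (client_id, redirect_uri, user)
        self.tokens = {}         # access_token -> user

    def authorize(self, client_id, redirect_uri, username, password, approve):
        # The user logs in at the server (the client never sees the password),
        # decides on the request, and is redirected back with a one-time code.
        if client_id not in self.clients or self.clients[client_id][1] != redirect_uri:
            raise PermissionError("unknown client or unregistered redirect_uri")
        stored = self.users.get(username)
        if stored is None or not secrets.compare_digest(stored, password):
            raise PermissionError("login failed")
        if not approve:
            raise PermissionError("access denied")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri, username)
        return f"{redirect_uri}?code={code}"

    def token(self, client_id, client_secret, code, redirect_uri):
        # The client authenticates itself and trades the code for an access token.
        secret = self.clients.get(client_id, ("", ""))[0]
        if not secret or not secrets.compare_digest(secret, client_secret):
            raise PermissionError("client authentication failed")
        grant = self.codes.pop(code, None)   # pop: a code can be redeemed only once
        if grant is None or grant[:2] != (client_id, redirect_uri):
            raise PermissionError("invalid_grant")
        access_token = secrets.token_urlsafe(24)
        self.tokens[access_token] = grant[2]
        return access_token

def demo():
    server = AuthServer({"client2": ("secret2", "https://client2.example/cb")},
                        {"alice": "alice-password"})
    redirect = server.authorize("client2", "https://client2.example/cb",
                                "alice", "alice-password", approve=True)
    code = redirect.split("code=")[1]
    token = server.token("client2", "secret2", code, "https://client2.example/cb")
    try:  # replaying the same code must fail
        server.token("client2", "secret2", code, "https://client2.example/cb")
        replay_rejected = False
    except PermissionError:
        replay_rejected = True
    return server.tokens[token], replay_rejected
```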
client credentials grant type
the client can authenticate without a user
refreshing a token can be done through a grant type
a refresh token allows us to get a new access token without the user authenticating all over again