OAuth 2.0 - Coggle Diagram
OAuth 2.0
Flow
1.1 Client > Authorization Request > [Authorization Server] > Resource Owner
1.2 Client < Authorization Grant < [Authorization Server] < Resource Owner
2.1 Client > Authorization Grant > Authorization Server
2.2 Client < Access Token < Authorization Server
3.1 Client > Access Token > Resource Server
3.2 Client < Protected Resource < Resource Server
client authentication
client password
basic auth
other
public/private key pair
endpoints
authorization endpoint (by auth. server)
must support GET
may support POST
must reject requests without response_type
token endpoint (by auth. server)
must be called with POST
redirection endpoint (by client)
is registered in auth. server during client registration
must be an absolute URI
if not registered, the request must contain the redirect_uri parameter
client
client types
confidential
public
client profiles
web application
user-agent-based application
native application
refresh token
is optional
is not exposed to resource owner
client identifier
issued by authorization server
exposed to resource owner
authorization request
parameters
client_id*
redirect_uri
scope
state
response_type=code*
format
application/x-www-form-urlencoded
authorization response
query params
state*
code*
redirect with application/x-www-form-urlencoded
authorization grant
grant types
implicit
resource owner password credentials
client credentials
authorization code
other extended types
resource owner
resource server
authorization server
access token