OAuth2 - Coggle Diagram
OAuth2
Grant types (Flow)
Authorization Code Flow with Proof Key for Code Exchange (PKCE)
(Single-page app (SPA) or native/mobile app)
- The app generates a random code_verifier and derives code_challenge = BASE64URL(SHA256(code_verifier)). It sends the code_challenge (with code_challenge_method=S256) in the authorization request to the Authorization Server and receives an authorization code.
- The app then sends the authorization code together with the code_verifier to the token endpoint. The Authorization Server recomputes the challenge from the verifier and only issues the access token if it matches the challenge bound to that code.
- Because the verifier never leaves the app until the token request, an attacker who intercepts the authorization code (but not the verifier) cannot redeem it. This is why PKCE replaces the client secret for public clients, which cannot keep a secret.
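The PKCE exchange described above, as an added example that is not part of the original diagram. Both sides live in one file: the client functions generate the verifier/challenge pair and build the authorization request, and `AuthorizationServer` is an in-memory stand-in (constructed for this example, not a real library) that binds the challenge to the code and checks the verifier at the token endpoint. The endpoint URLs, client_id and redirect_uri are assumed placeholder values.

```python
"""Authorization Code flow with PKCE (RFC 7636), client and server side in one file.

Added example. `AuthorizationServer` is an in-memory stand-in constructed for
this demonstration, not a real authorization server.
"""
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse


def b64url(data: bytes) -> str:
    """base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(nbytes: int = 32) -> str:
    """High-entropy verifier; 32 random bytes -> 43 chars (RFC 7636 allows 43..128)."""
    return b64url(secrets.token_bytes(nbytes))


def make_code_challenge(code_verifier: str) -> str:
    """S256 method: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def build_authorization_url(authorize_endpoint, client_id, redirect_uri, code_challenge, state):
    """Step 1: authorization request carrying only the challenge, never the verifier."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid profile",
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{authorize_endpoint}?{urlencode(params)}"


class AuthorizationServer:
    """Minimal stand-in for the AS: issues codes bound to a challenge, redeems them once."""

    def __init__(self):
        self._codes = {}  # authorization code -> (client_id, code_challenge)

    def authorize(self, url: str) -> str:
        """Step 2: user login/consent elided; AS stores the challenge and returns a code."""
        q = parse_qs(urlparse(url).query)
        if q.get("code_challenge_method", ["plain"])[0] != "S256":
            raise ValueError("only the S256 challenge method is accepted")
        code = b64url(secrets.token_bytes(16))
        self._codes[code] = (q["client_id"][0], q["code_challenge"][0])
        return code

    def token(self, client_id: str, code: str, code_verifier: str) -> dict:
        """Step 3: token request; the code is consumed on first use, success or not."""
        entry = self._codes.pop(code, None)
        if entry is None:
            raise PermissionError("invalid_grant: unknown or already used code")
        bound_client, challenge = entry
        if bound_client != client_id:
            raise PermissionError("invalid_grant: code was issued to another client")
        # Recompute the challenge from the presented verifier; constant-time compare.
        if not secrets.compare_digest(make_code_challenge(code_verifier), challenge):
            raise PermissionError("invalid_grant: PKCE verification failed")
        return {"access_token": b64url(secrets.token_bytes(32)), "token_type": "Bearer"}


def demo() -> dict:
    """Run the legitimate flow, then a code-interception attempt without the verifier."""
    as_ = AuthorizationServer()
    client_id, redirect_uri = "spa-client", "https://app.example/callback"  # assumed values

    # Legitimate SPA: the verifier stays in the app, only the challenge goes out in the URL.
    verifier = make_code_verifier()
    url = build_authorization_url("https://as.example/authorize", client_id, redirect_uri,
                                  make_code_challenge(verifier), state=secrets.token_urlsafe(8))
    code = as_.authorize(url)
    tokens = as_.token(client_id, code, verifier)

    # Attacker who captured the redirect (and so the code) but never saw the verifier.
    verifier2 = make_code_verifier()
    url2 = build_authorization_url("https://as.example/authorize", client_id, redirect_uri,
                                   make_code_challenge(verifier2), state=secrets.token_urlsafe(8))
    stolen_code = as_.authorize(url2)
    try:
        as_.token(client_id, stolen_code, make_code_verifier())  # attacker can only guess a verifier
        stolen_code_worked = True
    except PermissionError:
        stolen_code_worked = False

    return {"legit_got_access_token": "access_token" in tokens,
            "stolen_code_worked": stolen_code_worked}


if __name__ == "__main__":
    print(demo())
```

`make_code_challenge` reproduces the RFC 7636 Appendix B test vector, which is a quick way to check any PKCE implementation. Note that the stand-in rejects the `plain` method; a real server should do the same unless it has a documented reason not to.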
Token
Refresh Token
Automatic Reuse Detection
- With refresh token rotation, every refresh returns a new refresh token. The Authorization Server keeps track of every refresh token descended from the original one: the "token family".
- If any refresh token in the family is presented a second time, the Authorization Server cannot tell whether the legitimate client or an attacker is replaying it, so it invalidates the whole token family. Both parties are then forced to re-authenticate, which limits how long a stolen refresh token stays useful.
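The token-family bookkeeping described above, as an added example (not code from the original diagram): an in-memory store that rotates refresh tokens and revokes the entire family the moment any member is presented twice. The replay scenario at the bottom shows why this matters: an attacker who stole a token gets one rotation, but the legitimate client's next refresh trips the detector and burns the attacker's token as well. The store and its method names are assumptions for this example.

```python
"""Refresh token rotation with automatic reuse detection (token families).

Added example; the store is a constructed in-memory stand-in for the
Authorization Server's token database.
"""
import secrets
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class RefreshTokenRecord:
    family: str           # id shared by every token descended from the first one
    used: bool = False    # set once this token has been exchanged
    revoked: bool = False


class RefreshTokenStore:
    def __init__(self) -> None:
        self._tokens: Dict[str, RefreshTokenRecord] = {}
        self._families: Dict[str, List[str]] = {}

    def _issue(self, family: str) -> str:
        token = secrets.token_urlsafe(32)
        self._tokens[token] = RefreshTokenRecord(family=family)
        self._families.setdefault(family, []).append(token)
        return token

    def issue_initial(self) -> str:
        """Refresh token handed out at the end of the authorization code flow."""
        return self._issue(secrets.token_urlsafe(16))

    def rotate(self, presented: str) -> str:
        """Exchange a refresh token for a new one; raise on anything suspicious."""
        rec = self._tokens.get(presented)
        if rec is None:
            raise PermissionError("invalid_grant: unknown refresh token")
        if rec.revoked:
            raise PermissionError("invalid_grant: token family revoked")
        if rec.used:
            # Second use of the same token. The AS cannot tell whether the
            # replay comes from the attacker or the victim, so it kills the family.
            self.revoke_family(rec.family)
            raise PermissionError("invalid_grant: reuse detected, family revoked")
        rec.used = True
        return self._issue(rec.family)

    def revoke_family(self, family: str) -> None:
        for token in self._families.get(family, []):
            self._tokens[token].revoked = True

    def is_active(self, token: str) -> bool:
        rec = self._tokens.get(token)
        return rec is not None and not rec.used and not rec.revoked

    def family_size(self, token: str) -> int:
        return len(self._families[self._tokens[token].family])


def normal_rotation(rounds: int = 3) -> int:
    """Uninterrupted rotation: each refresh yields a fresh token in the same family."""
    store = RefreshTokenStore()
    current = store.issue_initial()
    for _ in range(rounds):
        current = store.rotate(current)
    assert store.is_active(current)
    return store.family_size(current)  # original token plus one per rotation


def replay_scenario() -> dict:
    """Attacker steals RT1, refreshes first, then the victim refreshes with RT1."""
    store = RefreshTokenStore()
    rt1 = store.issue_initial()           # legitimate client receives RT1
    stolen = rt1                          # attacker exfiltrates RT1 (e.g. XSS, leaked log)

    attacker_rt2 = store.rotate(stolen)   # attacker refreshes first: RT1 marked used, RT2 issued
    try:
        store.rotate(rt1)                 # victim refreshes with RT1 -> reuse detected
        victim_rejected = False
    except PermissionError:
        victim_rejected = True

    try:
        store.rotate(attacker_rt2)        # RT2 belongs to the revoked family
        attacker_rt2_still_works = True
    except PermissionError:
        attacker_rt2_still_works = False

    return {
        "victim_rejected": victim_rejected,
        "attacker_rt2_still_works": attacker_rt2_still_works,
        "family_size": store.family_size(rt1),
    }


if __name__ == "__main__":
    print(normal_rotation(), replay_scenario())
```

The order of the replay matters: if the victim refreshes first and the attacker second, the attacker's attempt is the one that trips the detector and the family is still revoked. Either way the stolen token's usefulness ends at the next legitimate refresh, which is the property rotation with reuse detection buys you.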
Access Token vs ID Token
- ID Token (OpenID Connect): proves that the user has been authenticated. It is a JWT carrying identity claims (sub, name, email, ...) whose audience is the client app, so the app reads it to get the user profile; it should not be sent to APIs.
- Access token: proves that the app has been authorized. The app presents it as a Bearer token when calling the API; its format is opaque to the client and the API, not the app, is the party that validates it.