OAuth allows applications to access resources on behalf of a user…
OAuth
process
👉 the authorization server redirects you to the registered redirect URL with the access token and refresh token
what is OAuth
components of OAuth: client (browser or server), authorization server, resource server.
OAuth is used to grant access to an API, and Auth0 is used to manage the authentication and authorization process for your applications.
types of token
opaque token
does not contain user information and needs token introspection (the authorization server verifies the token)
JWT token
does contain user information and needs local token verification (it doesn't need the authorization server to verify the token)
user-initiated flow, Authorization Code flow
DPoP
what is it?
Demonstrating Proof of Possession (DPoP) is an extension that describes a technique to cryptographically bind access tokens to a particular client when they are issued. This is one of many attempts at improving the security of Bearer Tokens by requiring the application using the token to prove possession of the same private key that was used to obtain the token.
cryptography
Cryptography is the practice of developing and using coded algorithms to protect and obscure transmitted information so that it may only be read by those with the permission and ability to decrypt it.