JSON Web Token
https://jwt.io/ | https://jwt.ms/ | https://developer.pingidentity.com/en/tools.html
OAuth (Open Authorization) is a standard protocol designed to allow a website or application to access resources hosted by other web apps on behalf of a user. In simple terms, OAuth 2 uses tokens for authorization.
OAuth Grant Types
Client Credentials (Client ID + Client Secret)
password
OAuth Components
Resource Owner is the user who authorizes an application to access their account.
Client is the application that wants to access the user’s account.
Authorization Server
Resource Server verifies the identity of the user then issues access tokens to the application
Access Token is a string that the OAuth client uses to make requests to the resource server.
Access Token Endpoint:
POST /{tenant}/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
&client_id=535fb089-9ff3-47b6-9bfb-4f1264799865
&client_secret=sampleCredentia1s
&scope=https://graph.microsoft.com/.default
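The request above and the JWT it returns, as an added Python example (not code from the original page): it form-encodes the client-credentials body, then decodes a token's header and payload the way jwt.io and jwt.ms display them and runs basic claim checks. The tenant value is a placeholder, the sample token and its claims are constructed for illustration, and decoding is not signature verification.

```python
import base64, json
from urllib.parse import urlencode

def build_token_request(tenant, client_id, client_secret, scope):
    """Form-encode the client-credentials request shown on the page (values get URL-escaped)."""
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    body = urlencode({"grant_type": "client_credentials", "client_id": client_id,
                      "client_secret": client_secret, "scope": scope})
    return url, {"Content-Type": "application/x-www-form-urlencoded"}, body

def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_unverified(token):
    """Split a JWT and decode header and payload. This does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))

def claim_problems(header, claims, expected_aud, now):
    """Claim checks the API receiving the token makes in addition to signature verification."""
    problems = []
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("unsigned token (alg=none)")
    aud = claims.get("aud")
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        problems.append("audience mismatch")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        problems.append("expired or missing exp")
    return problems

def make_sample(header, claims):
    # Constructed sample token with a dummy signature, for offline use only.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2ln"

# Constructed claims; a real token carries more (iss, iat, nbf, ...).
SAMPLE_TOKEN = make_sample({"alg": "RS256", "typ": "JWT"},
                           {"aud": "https://graph.microsoft.com", "exp": 2000000000})

if __name__ == "__main__":
    print(build_token_request("TENANT_PLACEHOLDER", "535fb089-9ff3-47b6-9bfb-4f1264799865",
                              "sampleCredentia1s", "https://graph.microsoft.com/.default"))
    hdr, claims = decode_unverified(SAMPLE_TOKEN)
    print(claim_problems(hdr, claims, "https://graph.microsoft.com", now=1700000000))
```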