Bearer Authentication

1. Write the following steps in the correct order:

• Register your application to get a client_id and client_secret
• Ask the client if they want to sign in via a third party
• Redirect to a third party authentication endpoint
• Receive authorization code
• Make a request to the access token endpoint
• Receive access token
• Make a request to a third-party API endpoint

1. What can you do with an authorization code?

• it is used to aquire an access token

1. What can you do with an access token?

• access token can be used to verify clinet’s authentication and get the access to an API

1. What’s a benefit of using OAuth instead of your own basic authentication?

• the OAuth has a more complex interaction than basic authentication
• the OAuth is not involving with user’s password at all

Terms

• Client ID: an unique identifier for applications
• Client Secret: a secret known only to your application and the authorization server
• Authentication Endpoint: an HTTP endpoint that micropub and IndieAuth clients can use to identify a user or obtain an authorization code
• Access Token Endpoint: where apps make a request to get an access token for a user
• API Endpoint: a point at which an API – the code that allows two software programs to communicate with each other – connects with the software program
• Authorization Code: a temporary code that the client will exchange for an access token
• Access Token: an object encapsulating the security identity of a process or thread

<==Back