Bearer Authentication
- Write the following steps in the correct order:
- Register your application to get a client_id and client_secret
- Ask the client if they want to sign in via a third party
- Redirect to a third party authentication endpoint
- Receive authorization code
- Make a request to the access token endpoint
- Receive access token
- Make a request to a third-party API endpoint
- What can you do with an authorization code?
- it is used to aquire an access token
- What can you do with an access token?
- access token can be used to verify clinet’s authentication and get the access to an API
- What’s a benefit of using OAuth instead of your own basic authentication?
- the OAuth has a more complex interaction than basic authentication
- the OAuth is not involving with user’s password at all
Terms
- Client ID: an unique identifier for applications
- Client Secret: a secret known only to your application and the authorization server
- Authentication Endpoint: an HTTP endpoint that micropub and IndieAuth clients can use to identify a user or obtain an authorization code
- Access Token Endpoint: where apps make a request to get an access token for a user
- API Endpoint: a point at which an API – the code that allows two software programs to communicate with each other – connects with the software program
- Authorization Code: a temporary code that the client will exchange for an access token
- Access Token: an object encapsulating the security identity of a process or thread
<==Back