OAuth - Authentication Code

1 - About

An authentication code is an intermediate credential used in an authorization code flow to retrieve an access token.

It's a shared secret that is short-lived because it's passed back via the query parameters and will therefore be leaked (written) in the web log of the HTTP request.

3 - Example


https://example.com/redirection/path?code=AUTHORIZATION_CODE&state=xxxxx

where:

4 - Security Benefits

The authorization code provides a few important security benefits, such as:

  • as it's passed back to the client via the query URL, this code can end up in an HTTP request log file, but that exposure is limited because it has a short lifespan. (The client then requests the real authentication material via a secure Ajax request.)
  • the ability to authenticate the client,
  • the transmission of the access token directly to the client without passing it through the resource owner's user-agent and potentially exposing it to others, including the resource owner.
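
The properties listed above, seen from the authorization server's side, as an added example that is not code from the original page: a store that issues short-lived, single-use codes and authenticates the client when a code is redeemed. The class name `CodeStore`, the 60-second lifetime and the client credentials are assumptions made for the illustration.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 60  # seconds (assumed); RFC 6749 recommends at most 10 minutes

class CodeStore:
    """Hypothetical authorization-server store for authorization codes."""
    def __init__(self, client_secrets, clock=time.monotonic):
        self._clients = client_secrets  # client_id -> client secret
        self._codes = {}                # sha256(code) -> (client_id, redirect_uri, expiry)
        self._clock = clock

    @staticmethod
    def _key(code):
        # Only a hash is stored, so the store itself does not hold usable codes.
        return hashlib.sha256(code.encode()).hexdigest()

    def issue(self, client_id, redirect_uri):
        code = secrets.token_urlsafe(32)
        self._codes[self._key(code)] = (client_id, redirect_uri, self._clock() + CODE_TTL)
        return code  # sent to the client as ?code=... on the redirect

    def redeem(self, code, client_id, client_secret, redirect_uri):
        """Return (access_token, None) or (None, error)."""
        expected = self._clients.get(client_id)
        if expected is None or not hmac.compare_digest(expected.encode(), client_secret.encode()):
            return None, "invalid_client"      # client authentication failed
        entry = self._codes.pop(self._key(code), None)  # pop: single use
        if entry is None:
            return None, "invalid_grant"       # unknown or already redeemed
        owner, uri, expiry = entry
        if owner != client_id or uri != redirect_uri or self._clock() > expiry:
            return None, "invalid_grant"       # wrong client, wrong URI or expired
        return secrets.token_urlsafe(32), None  # token goes back on the direct channel

def demo():
    now = [0.0]  # fake clock so expiry can be shown without sleeping
    store = CodeStore({"web-app": "constructed-secret"}, clock=lambda: now[0])
    uri = "https://example.com/redirection/path"
    code = store.issue("web-app", uri)
    first = store.redeem(code, "web-app", "constructed-secret", uri)
    replay = store.redeem(code, "web-app", "constructed-secret", uri)  # code read from a log later
    stale = store.issue("web-app", uri)
    now[0] += CODE_TTL + 1
    expired = store.redeem(stale, "web-app", "constructed-secret", uri)
    unauthenticated = store.redeem(store.issue("web-app", uri), "web-app", "guess", uri)
    return first, replay, expired, unauthenticated

if __name__ == "__main__":
    print(demo())
```

Only the first redemption yields a token; a code recovered from a web log afterwards is rejected because it is already spent, expired, or presented without the client secret.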
