OAuth - Flow (Abstract Protocol Flow)

About

The abstract OAuth 2.0 flow (RFC 6749, section 1.2) describes the interaction between the four roles: the resource owner, the client, the authorization server and the resource server.

Type

Prerequisites

Before initiating the protocol (flow), the client must register with the authorization server. Registration establishes the client type, gives the client its client identifier (and, for confidential clients, its credentials) and binds the client to its redirection URI(s). The authorization server later validates the redirect_uri sent in each authorization request against this registered value, which is what keeps the authorization grant from being redirected to an attacker-controlled destination.

Steps

Direct

Flow when the client requests authorization from the resource owner directly.

Flow as a sequence diagram (the diagram itself is not reproduced here; the steps are those of RFC 6749, figure 1, "Abstract Protocol Flow"):

(A) The client requests authorization from the resource owner, here directly.
(B) The client receives an authorization grant, a credential representing the resource owner's authorization.
(C) The client requests an access token from the authorization server by authenticating itself and presenting the authorization grant.
(D) The authorization server authenticates the client, validates the grant and issues an access token.
(E) The client requests the protected resource from the resource server by presenting the access token.
(F) The resource server validates the access token and serves the request.

Indirect

An indirect flow is preferable: instead of asking the resource owner directly, the client asks for authorization through the authorization endpoint of the authorization server, which acts as an intermediary between the client and the resource owner (step A above goes through the authorization server).

An indirect flow is a redirection-based flow.

Example: the authorization code grant (RFC 6749, section 4.1), where the authorization server sends the grant (the code) back to the client through the resource owner's browser.

Redirection-based

A redirection-based flow is one in which the client (app) and/or the authorization server endpoints reply to the resource owner's user-agent (the end-user browser) by directing it to another destination via HTTP redirection.

While the specification uses the HTTP 302 status code to accomplish this redirection, any other method available via the user-agent is allowed and is considered an implementation detail.

The client must then be capable of interacting with the resource owner's user-agent (typically a web browser), and capable of receiving incoming requests (via redirection) from the authorization server. Because the grant travels through the browser, the client should bind each authorization request to the browser session with a state value and check it on the way back; otherwise an attacker can inject a callback carrying a code of their own.

All redirection-based flows are indirect.
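The indirect, redirection-based flow described above, simulated with all four roles in a single Python process. This is an added example and not code from the original page or from any OAuth library; the AuthorizationServer, Client and ResourceServer classes, the URLs (as.example, app.example, evil.example) and the in-memory token table shared by the authorization and resource server are assumptions made for illustration. Real deployments exchange these messages over HTTPS and validate tokens by introspection or signature, but the checks shown (exact redirect_uri match, state verification, single-use codes) are the ones that matter in the real protocol too.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs


def _query(url):
    """Parse a URL's query string into a flat dict (first value per key)."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


class AuthorizationServer:
    """Authorization server role: authorization endpoint + token endpoint (hypothetical)."""

    def __init__(self):
        self.clients = {}   # client_id -> {"secret": str, "redirect_uris": [str]}
        self.codes = {}     # authorization code -> {"client_id", "redirect_uri", "user"}
        self.tokens = {}    # access token -> resource owner it was issued for

    def register_client(self, redirect_uris):
        """Prerequisite: registration issues client_id/secret and binds the redirect URI(s)."""
        client_id, secret = secrets.token_urlsafe(8), secrets.token_urlsafe(16)
        self.clients[client_id] = {"secret": secret, "redirect_uris": list(redirect_uris)}
        return client_id, secret

    def authorize(self, url, user):
        """Authorization endpoint, reached by the user-agent via redirect. `user` is the
        resource owner the server has already authenticated (login is simulated).
        Returns (status, location_or_error)."""
        q = _query(url)
        client = self.clients.get(q.get("client_id"))
        # redirect_uri must exactly match a registered one. A mismatch is answered in
        # place (400), never by redirecting, or the server becomes an open redirector.
        if client is None or q.get("redirect_uri") not in client["redirect_uris"]:
            return 400, "invalid_request: unknown client_id or unregistered redirect_uri"
        params = {"state": q.get("state", "")}          # state is echoed back verbatim
        if q.get("response_type") != "code":
            params["error"] = "unsupported_response_type"
        else:
            code = secrets.token_urlsafe(16)
            self.codes[code] = {"client_id": q["client_id"],
                                "redirect_uri": q["redirect_uri"], "user": user}
            params["code"] = code
        # The grant travels back to the client through the user-agent (HTTP 302).
        return 302, q["redirect_uri"] + "?" + urlencode(params)

    def token(self, client_id, client_secret, form):
        """Token endpoint: client authenticates directly and redeems a single-use code."""
        client = self.clients.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            return {"error": "invalid_client"}
        grant = self.codes.pop(form.get("code"), None)   # pop: a code is redeemable once
        if (form.get("grant_type") != "authorization_code" or grant is None
                or grant["client_id"] != client_id
                or grant["redirect_uri"] != form.get("redirect_uri")):
            return {"error": "invalid_grant"}
        token = secrets.token_urlsafe(24)
        self.tokens[token] = grant["user"]
        return {"access_token": token, "token_type": "Bearer"}


class ResourceServer:
    """Resource server role. Assumption: it validates bearer tokens by looking them up
    in the authorization server's table (shared storage stands in for introspection)."""

    def __init__(self, auth_server):
        self.auth_server = auth_server

    def get_profile(self, authorization_header):
        scheme, _, token = (authorization_header or "").partition(" ")
        user = self.auth_server.tokens.get(token) if scheme == "Bearer" else None
        return (401, "invalid_token") if user is None else (200, {"user": user})


class Client:
    """Client role (a web app). Keeps one pending `state` per flow it started."""

    def __init__(self, auth_server, client_id, secret, redirect_uri):
        self.auth_server, self.client_id, self.secret = auth_server, client_id, secret
        self.redirect_uri, self.pending_states = redirect_uri, set()

    def start(self, authorize_url="https://as.example/authorize"):
        """Redirect the resource owner's user-agent to the authorization endpoint."""
        state = secrets.token_urlsafe(16)
        self.pending_states.add(state)
        return 302, authorize_url + "?" + urlencode({
            "response_type": "code", "client_id": self.client_id,
            "redirect_uri": self.redirect_uri, "state": state})

    def callback(self, url):
        """The user-agent comes back with code+state; verify state, then redeem the code."""
        q = _query(url)
        if q.get("state") not in self.pending_states:    # rejects forged/replayed callbacks
            return {"error": "state_mismatch"}
        self.pending_states.discard(q["state"])
        if "error" in q:
            return {"error": q["error"]}
        return self.auth_server.token(self.client_id, self.secret, {
            "grant_type": "authorization_code", "code": q.get("code"),
            "redirect_uri": self.redirect_uri})


def run_flow(user="alice"):
    """Drive all four roles through the flow; returns the resource server's response."""
    auth = AuthorizationServer()
    cid, secret = auth.register_client(["https://app.example/cb"])
    client, rs = Client(auth, cid, secret, "https://app.example/cb"), ResourceServer(auth)
    _, location = client.start()                  # client -> user-agent -> auth endpoint
    _, location = auth.authorize(location, user)  # auth endpoint -> user-agent -> client
    token = client.callback(location)             # client -> token endpoint (direct)
    return rs.get_profile("Bearer " + token.get("access_token", ""))


def run_abuse_cases():
    """Three things the checks above must refuse; returns the three error codes."""
    auth = AuthorizationServer()
    cid, secret = auth.register_client(["https://app.example/cb"])
    client = Client(auth, cid, secret, "https://app.example/cb")
    # 1. an attacker-controlled redirect_uri is refused in place, not redirected to
    _, bad_uri = auth.authorize(f"https://as.example/authorize?response_type=code"
                                f"&client_id={cid}&redirect_uri=https://evil.example/cb"
                                "&state=x", "alice")
    # 2. a callback the client never started (unknown state) is dropped
    _, loc = auth.authorize(client.start()[1], "alice")
    forged = client.callback(loc.replace("state=", "state=forged"))
    # 3. an authorization code cannot be redeemed a second time
    client.callback(loc)
    reused = auth.token(cid, secret, {"grant_type": "authorization_code",
                                      "code": _query(loc)["code"],
                                      "redirect_uri": "https://app.example/cb"})
    return bad_uri.split(":")[0], forged["error"], reused["error"]
```

Running `run_flow()` returns the protected resource for the authenticated resource owner; `run_abuse_cases()` shows that the redirect_uri check, the state check and the single-use code each close one way of stealing or injecting the grant that the redirection hop exposes.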
