Oauth - Flow (Abstract Protocol Flow)

Card Puncher Data Processing


The abstract OAuth 2.0 flow describes the interaction between the four roles.


For each type of grant, you got a flow:


Before initiating the protocol (flow), the client must register with the authorization server


The authorization request can be made:


Flow when the client requests authorization from the resource owner directly.

Flow as a Sequence Diagram:



A indirect flow is preferable and asks authorization to the authorization endpoint (ie authorization server) as an intermediary (between the client and the resource owner).

An indirect flow is a redirection based flow.



A redirection-based flow means that in the flow, the client (app) and/or the authorization server endpoints send feedback and directs the resource owner's user-agent (the end-user browser) to another destination via http redirection

Any other method available via the user-agent than the HTTP 302 status code to accomplish this redirection is allowed and is considered to be an implementation detail.

The client must then be capable of:

All Redirection-based flow are indirect.

Documentation / Reference

Recommended Pages
Card Puncher Data Processing
OAuth - Implicit Grant and flow

The implicit grant is a grant type (flow) that issued directly an access token. (It does not support the issuance of refresh tokens). This grant type is called implicit, as no intermediate credentials...
Card Puncher Data Processing
Oauth - Authorization Code Flow

The authorization code grant type (flow) works with an intermediate credential called a authorization code. It is a indirect and redirection-based flow that is optimized for confidential clients. The...
Card Puncher Data Processing
Oauth - Authorization Grant (Resource Owner Authorization|Authorization Credentials)

An Authorization Grant is a credential representing the resource owner's authorization to access its protected resources. The flow for each type of grant is expressed using grant type: one of four...
Card Puncher Data Processing
Oauth - Client (App)

client is one of the 4 roles of the Oauth specification. In its most basic form, it's a web site used by a end-user. In more details, it's is a (first-party or third party service application making...
Card Puncher Data Processing
Oauth - Role

OAuth defines four roles: The interaction between this roles is described in the flow. An end-user (resource owner) can grant a printing service (client) access to her protected photos...
Card Puncher Data Processing
Oauth 2.0 - Authorization framework

This section talks OAuth 2.0. (OAuth 2.0 replaces OAuth 1.0) The following two specifications provide a general framework for third-party applications (know as the client) to obtain and use limited...
Card Puncher Data Processing
Process - Sequence Diagram Viz

A Sequence diagram is an interaction diagram that shows how processes operate with one another and in what order. They focuses on the message interchange between participant materialized in a line known...

Share this page:
Follow us:
Task Runner