Authorization Code Grant Flow Overview

preview_player
Показать описание
We use APIs rather than raw databases so we can control who gets to see what data when and where. The OAuth Authorization Code Grant allows us to combine the security allowed for an App with the security rules allowed for a User. This video gives a quick look at how a person, app, API and Identity service all interact together in that flow.

  1. Michael Bissell
Рекомендации по теме
Authorization Code Grant 0:04:25

Authorization Code Grant Flow Overview

OAuth 2 Explained 0:04:32

OAuth 2 Explained In Simple Terms

OAuth Authorization code 0:11:49

OAuth Authorization code flow

OAuth 2.0 Authorization 0:00:40

OAuth 2.0 Authorization Code Grant Flow

OAuth 2.0 explained 0:10:03

OAuth 2.0 explained with examples

OAuth 2.0: An 0:06:34

OAuth 2.0: An Overview

OAuth2 Authorisation Code 0:05:21

OAuth2 Authorisation Code + PKCE Grant Type Walkthrough

An Illustrated Guide 0:16:36

An Illustrated Guide to OAuth and OpenID Connect

stream archive: EyeAP 2:42:07

stream archive: EyeAP - A user manager with Fusion Auth day 4 (2024-07-22)

Understanding OAuth2 Authorization 0:12:01

Understanding OAuth2 Authorization Code Grant Type

OAuth PKCE | 0:09:39

OAuth PKCE | OAuth Proof Key for Code Exchange explained

Oauth 2.0 Authorization 0:15:52

Oauth 2.0 Authorization Code Flow | Microsoft Graph

22 Authorization Code 0:03:37

22 Authorization Code Grant Complete Flow

OAuth 2.0 - 0:09:16

OAuth 2.0 - a dead simple explanation

oAuth for Beginners 0:10:43

oAuth for Beginners - How oauth authentication🔒 works ?

OAuth Grant Types 0:06:37

OAuth Grant Types

What are the 0:03:36

What are the OAuth 2.0 Grant Type Flows? First up, Authorization Code

Authorization Code Flow 0:09:23

Authorization Code Flow Part 1 | Hands-on with Keycloak 19

Get an Access 0:07:23

Get an Access Token Using Auth Code Grant | Developer Education

OIDC : Authorization 0:12:46

OIDC : Authorization Code Grant flow (Partie 1)

OAuth 2.0 - 0:07:32

OAuth 2.0 - Implicit grant and how it works

Visualizing the OAuth 0:01:42

Visualizing the OAuth Flow and Why PKCE is Needed

ID Tokens VS 0:08:38

ID Tokens VS Access Tokens: What's the Difference?

Testing OAuth2 Authorization 0:07:54

Testing OAuth2 Authorization Flow with Postman (Authorization Code Grant)

Комментарии
Автор

can you confirm, token call is happening at backend or frontend via browser?

saikrishnapuli
Автор

I am still fairly new to OAuth so I'm still wrapping my head around the concept of oauth clients. In your diagram, would the App be considered the oauth client or would it be the API server?

I'm confused because the App would be the one consuming the token and making requests to access protected resources for the user, but the API server here is the one exchanging the auth code for tokens.

autumnchills
Автор

I am confused.
What is the API here ?
Is it part of the Identity/Authorization setup?
Or is it the server counterpart of the App.

iambhanu