OAuth Diagram

Get access token, use access token.
A diagram says more than 1000 words. OAuth 2.0 is a standard that apps use to provide client applications with access. It is therefore imperative that there is absolute trust.
All grant types have 2 flows. Step 1: First, the user accesses resources using the client application, such as Google, Facebook, Twitter, etc. This is why I have created a set of sequence diagrams that visualize the various OAuth flows defined in the standard.
It's used to perform authentication and authorization in the majority of app types, including single-page apps, web apps, and natively installed apps. The OAuth 2.0 authorization code flow is described in section 4.1 of the OAuth 2.0 specification. OAuth2 is, you guessed it, version 2 of the OAuth protocol.
In this chapter, we will discuss the architectural style of OAuth 2.0. Here is a more detailed explanation of the steps in the diagram. OAuth 2.0 flows are tricky.
The above diagram is from the Identity Server website, which provides a very nice summary of why OAuth 2.x and OpenID Connect are the preferred security standards. In addition, the OpenID Connect flow is presented in the form of a sequence. Now that you have an idea of what the OAuth roles are, let's look at a diagram of how they generally interact with each other.
When the value of `response_type` is `id_token`, an ID token is issued from the authorization endpoint. While OAuth 2.0 also defines the `token` response type value for the implicit flow, OpenID Connect does not use this response type, since no ID token would be returned. Most software-producing companies build a platform of UIs and APIs, and the architecture looks something like this.