From the course: Web Security: OAuth and OpenID Connect (2019)
Touring the OAuth endpoints
- [Narrator] Now that we have the basics, let's get into the specifics of the OAuth specification itself. The core specification, RFC 6749, defines exactly two endpoints. The first is the authorization endpoint. It's used to interact with the user to confirm their identity. Therefore, it's used for any user-facing grant types, such as the authorization code or the implicit flow. Once a user's confirmed, or if there isn't a user involved at all, that's when we move to the token endpoint. This is where we actually get the tokens themselves. If you use client credential or resource owner password flow, you'll skip directly to this. Every other endpoint comes through an extension. While this flexibility is great, it also means various OAuth implementations may not be directly compatible. So let's go over some of the common extensions. First, we have the introspect endpoint, which allows you to analyze and decode a token. Next, the…