Last week, I introduced my new series of video tutorials designed to demonstrate how Layer 7 Gateways can be used to implement OAuth. For the second tutorial in the series, I tackle how the authorization code grant type is used and how it can be adapted to suit your own requirements.
To give you a general idea of what we’re dealing with in this tutorial, here’s a quick overview of how the authorization code grant type works:
- The client application redirects the resource owner to the OAuth authorization server's authorization endpoint, where the owner authenticates and grants (or denies) the client's request
- The OAuth authorization server redirects the resource owner back to the client application's registered redirect URI, along with a short-lived, single-use authorization code
- The client application presents this code to the authorization server's token endpoint, along with its own client credentials, and receives an OAuth access token (usually together with a refresh token)
- The client uses the access token to call the service on behalf of the resource owner; when the access token expires, the client can present the refresh token to the token endpoint for a new one instead of sending the owner through the authorization step again
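The four steps above, played out in code as an added example that is not part of the original post or of the Layer 7 OAuth Toolkit: the client application, the authorization server (authorization endpoint, token endpoint and token store) and a stand-in for the resource server are plain Python objects that pass the same parameters an HTTP redirect or POST would carry. Everything in it is constructed for illustration: the client registration (`app123`, its secret, `https://app.example/cb`), the resource owner names, the lifetimes, and the method names. What it adds to the list is the checks each party has to make for the grant to be safe: the client binds a `state` value to the browser session and verifies it on the callback, and the token endpoint authenticates the client, accepts each code once, and rejects a code whose client or redirect URI differ from the ones it was issued for.

```python
import secrets
import time
from urllib.parse import parse_qs, urlsplit


class AuthorizationServer:
    CODE_TTL = 60  # authorization codes are short-lived and single-use

    def __init__(self):
        # Constructed registration for the example: client_id -> (secret, exact redirect URI).
        self.clients = {"app123": ("app-secret", "https://app.example/cb")}
        self.codes = {}      # code -> {client_id, redirect_uri, user, expires}
        self.tokens = {}     # access_token -> {user, expires}
        self.refreshes = {}  # refresh_token -> {client_id, user}

    def authorize(self, client_id, redirect_uri, state, resource_owner):
        """Authorization endpoint, reached after the owner logged in and consented."""
        _, registered_uri = self.clients[client_id]
        if redirect_uri != registered_uri:
            raise ValueError("redirect_uri does not match registration")
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "user": resource_owner,
                            "expires": time.time() + self.CODE_TTL}
        # The redirect that sends the owner back to the client, code and state attached.
        return f"{redirect_uri}?code={code}&state={state}"

    def _authenticate(self, client_id, client_secret):
        secret, _ = self.clients.get(client_id, (None, None))
        if secret is None or not secrets.compare_digest(secret, client_secret):
            raise PermissionError("invalid_client")

    def token(self, client_id, client_secret, code, redirect_uri):
        """Token endpoint, grant_type=authorization_code."""
        self._authenticate(client_id, client_secret)
        entry = self.codes.pop(code, None)  # pop: a code can never be replayed
        if (entry is None or entry["expires"] < time.time()
                or entry["client_id"] != client_id
                or entry["redirect_uri"] != redirect_uri):
            raise PermissionError("invalid_grant")
        return self._issue(client_id, entry["user"])

    def refresh(self, client_id, client_secret, refresh_token):
        """Token endpoint, grant_type=refresh_token: rotate both tokens."""
        self._authenticate(client_id, client_secret)
        entry = self.refreshes.pop(refresh_token, None)
        if entry is None or entry["client_id"] != client_id:
            raise PermissionError("invalid_grant")
        return self._issue(client_id, entry["user"])

    def _issue(self, client_id, user):
        access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.tokens[access] = {"user": user, "expires": time.time() + 3600}
        self.refreshes[refresh] = {"client_id": client_id, "user": user}
        return {"access_token": access, "token_type": "Bearer",
                "expires_in": 3600, "refresh_token": refresh}

    def introspect(self, access_token):
        """What the resource server (or a gateway in front of it) checks per call."""
        entry = self.tokens.get(access_token)
        if entry is None or entry["expires"] < time.time():
            return None
        return entry["user"]


class Client:
    """The client application: holds its credentials and the pending state."""
    client_id, client_secret = "app123", "app-secret"
    redirect_uri = "https://app.example/cb"

    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.pending_state = None

    def start_login(self):
        # Step 1: send the owner to the authorization endpoint with a fresh,
        # unguessable state bound to this browser session.
        self.pending_state = secrets.token_urlsafe(16)
        return {"client_id": self.client_id, "redirect_uri": self.redirect_uri,
                "state": self.pending_state}

    def handle_callback(self, redirect_url):
        # Steps 2-3: the owner returns with code+state. Check state first, then
        # redeem the code over the back channel using the client credentials.
        params = parse_qs(urlsplit(redirect_url).query)
        if params.get("state", [None])[0] != self.pending_state:
            raise PermissionError("state mismatch (CSRF or injected code)")
        self.pending_state = None
        return self.auth_server.token(self.client_id, self.client_secret,
                                      params["code"][0], self.redirect_uri)


def run_flow(auth_server, resource_owner="alice"):
    """Drive the grant end to end; returns the token response and the owner the
    resource server sees when the client presents the access token (step 4)."""
    client = Client(auth_server)
    req = client.start_login()
    redirect_url = auth_server.authorize(req["client_id"], req["redirect_uri"],
                                         req["state"], resource_owner)
    tokens = client.handle_callback(redirect_url)
    return tokens, auth_server.introspect(tokens["access_token"])
```

The refresh step rotates the refresh token as well as the access token, so a refresh token that leaks and is used twice fails on the second use; that rotation is a design choice of this example, not something the grant type itself requires.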
For more information on the workings of the authorization code grant type, watch my tutorial video below. Next week, we’ll be looking at the implicit grant type. In the meantime, for broader insight into how Layer 7’s SecureSpan and CloudSpan Gateways enable OAuth, read up on the Layer 7 OAuth Toolkit.
Tutorial 2: The Authorization Code Grant Type