From the course: Web Security: OAuth and OpenID Connect

Touring the OAuth endpoints

- [Instructor] The endpoints or URLs that we have in OAuth are relatively simple, but once we add extensions, it gets a lot more complicated. So let's start with the simple bits. The base framework, we have the authorized and token endpoints. The authorized endpoint is where we make our initial request to evaluate our grant type and our scope request. Once we complete that process, we go to the token endpoint to actually get our token. At first, it feels weird to make two separate requests, but by splitting the steps, we can use them independently or together as our needs change. For example, some of our grant types have a client-side portion where it happens in the single-page app or a mobile app. Since the end user or even a malicious user can monitor and modify that transaction, we can't use secrets and we can't trust the results. But having two steps, we could do a client-side step, which is untrusted, and then a…
