You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/routes/blog/post/understand-oauth2/+page.markdoc
+3-3Lines changed: 3 additions & 3 deletions
Original file line number
Diff line number
Diff line change
@@ -11,7 +11,7 @@ unlisted: true
11
11
category: product
12
12
---
13
13
14
-
In today’s interconnected app ecosystem, users expect seamless, secure access across services. OAuth2 has emerged as the industry standard for handling secure delegated access, making it a critical protocol for developers to understand.
14
+
Modern applications rarely operate in isolation. Whether it's logging in with Google or sharing data with a third-party service, users demand interoperability and security. That’s where OAuth2 steps in: a powerful protocol designed to delegate access without compromising user credentials.
15
15
16
16
This guide explains OAuth2, how it works, the different flows available, and when to use each one, helping you build secure, scalable authorization experiences.
17
17
@@ -42,7 +42,7 @@ Refer to the OAuth2 [documentation](/docs/product/auth/oauth2) for complete tech
42
42
43
43
1. **Authorization request**: The client asks the resource owner for permission.
44
44
2. **Authorization grant**: If the user consents, the server issues a grant (authorization code, token, etc.).
45
-
3. **Token request**: The client exchanges the grant for an access token.
45
+
3. **Token request**: The client exchanges the grant for an access [token](/docs/products/auth/tokens).
46
46
4. **Resource access**: The client uses the token to access protected resources.
47
47
48
48
Tokens are typically short-lived and scoped, meaning they only allow the operations the user approved.
@@ -68,7 +68,7 @@ OAuth2 offers different "flows" to accommodate various scenarios. Here's a break
68
68
69
69
- Web apps with secure backend servers.
70
70
71
-
{% call_to_action title="Customer identity without the hassle" description="Add secure authentication for your users in just a couple of minutes." point1="Multiple OAuth providers" point2="Built-in security" point3="Custom roles and permissions" point4="Integrates with your favourite SDK" cta="Contact sales" url="https://appwrite.io/contact-us/enterprise" /%}
71
+
{% call_to_action title="Customer identity without the hassle" description="Add secure authentication for your users in just a couple of minutes." point1="Multiple OAuth providers" point2="Built-in security" point3="Custom roles and permissions" point4="Integrates with your favourite SDK" cta="Request a demo" url="https://appwrite.io/contact-us/enterprise" /%}
72
72
73
73
74
74
## 2. Authorization code flow with PKCE (Proof Key for Code Exchange)
0 commit comments