Home
saeedprogrammer edited this page May 9, 2021
Welcome to the OpenID-with-iOS wiki!
OAuth (Open Authorization) is a protocol for token-based authorization.
- Scopes
  - A scope is like a permission grant to clients, allowing them access to certain resources and preventing access to others. So, if a client has the READ scope and tries to call an API endpoint that requires WRITE access, the call will fail.
- Flows
  - Implicit Flow (2-legged OAuth):
    - Communication to get the access token is done entirely through the browser, so the access token is returned from the browser to the app directly (front channel).
    - No refresh token is required, because the access token in this flow is permanent.
  - Authorization Code (3-legged OAuth):
    - Communication to get the access token is done in two steps.
    - The browser returns an authorization code to the app (front channel).
    - The app then connects to the auth server and exchanges the authorization code for an access token (back channel).
    - A refresh token may optionally be issued.
    - It's more secure, because the access token is not passed through the browser; the app requests it directly.
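The scope check and the Authorization Code flow described above, as an added Python example (not code from the OpenID-with-iOS project); the client registration, endpoint names, redirect URI and secret are constructed values:

```python
# Added example (not the OpenID-with-iOS project's code): a toy in-memory
# authorization + resource server modelling this page's two points.
# Authorization Code flow: the browser only ever carries a single-use code;
# the token is fetched on the back channel, where the app proves its secret.
# Scopes: a token granted only "read" is rejected by a "write" endpoint.
import secrets
import time

# Constructed registration and endpoint rules (hypothetical values).
CLIENTS = {"ios-app": {"secret": "s3cr3t", "redirect_uri": "myapp://callback"}}
ENDPOINT_SCOPES = {"GET /profile": {"read"}, "POST /profile": {"write"}}
CODE_TTL = 60  # seconds a code stays valid
_codes = {}    # code -> (client_id, redirect_uri, scopes, issued_at)
_tokens = {}   # access_token -> granted scopes

def authorize(client_id, redirect_uri, scope):
    """Front channel: after user consent the server redirects the browser
    back to the app with a one-time code. No access token appears here."""
    if CLIENTS[client_id]["redirect_uri"] != redirect_uri:
        raise ValueError("redirect_uri mismatch")
    code = secrets.token_urlsafe(16)
    _codes[code] = (client_id, redirect_uri, set(scope.split()), time.time())
    return f"{redirect_uri}?code={code}"

def exchange_code(code, client_id, client_secret, redirect_uri):
    """Back channel: the app authenticates and swaps the code for a token.
    The code is consumed on first use, so a replayed code is refused."""
    entry = _codes.pop(code, None)
    if entry is None:
        raise PermissionError("invalid or already used code")
    owner, uri, scopes, issued_at = entry
    if owner != client_id or uri != redirect_uri:
        raise PermissionError("code was issued to a different client")
    if CLIENTS[client_id]["secret"] != client_secret:
        raise PermissionError("bad client secret")
    if time.time() - issued_at > CODE_TTL:
        raise PermissionError("code expired")
    token = secrets.token_urlsafe(24)
    _tokens[token] = scopes
    return {"access_token": token, "scope": " ".join(sorted(scopes))}

def call_api(endpoint, access_token):
    """Resource server: permit the call only if the token's scopes cover
    what the endpoint requires (a READ-only token fails a WRITE endpoint)."""
    return ENDPOINT_SCOPES[endpoint] <= _tokens.get(access_token, set())
```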