rest - Understanding OAuth2 flow
I'm developing an Android app that consumes a REST service which uses the OAuth protocol. In the first activity, the app shows a login screen. The flow:
1) The user enters username and password.
2) The app makes a request to the REST service, providing username and password.
3) The REST service checks the credentials and, if they are correct, asks the OAuth2 provider server for an access_token.
4) The REST service answers the app, providing access_token and refresh_token.
5) In the next requests to the REST server (to get data: people, articles...) the app provides access_token and refresh_token.
6) When the REST service processes the request, it validates the access_token (using the token info endpoint of the OAuth server).
7) If the access_token is correct and has not expired, the REST service returns the data the app is asking for.
When the REST service detects that the access_token has expired, it asks for a new one using the refresh_token.
Now, the questions:
When the REST service retrieves a new access_token after the old one expires, does the REST service have to send it to the app in the response?
If so, does the app have to check, in each request/response, whether a new access_token has been sent by the REST service?
I don't know if I'm on the right track; I'm trying to understand the flow.
Thanks.
Assuming there's no browser involved and the app (aka the client) uses the so-called Resource Owner Password Credentials grant, the flow is:
1) The user (aka the resource owner) provides his/her username and password to the client.
2) The client makes a token request to the authorization server, providing the username and password.
3) The authorization server checks the credentials and, if they are correct, provides an access token and optionally a refresh token to the client in the response.
4) In requests to the REST server (to get data: people, articles...) the client provides the access token.
5) When the REST service processes the request, it validates the access token by calling the token validation endpoint of the authorization server or by validating the token locally (e.g. if the access token is a JWT).
6) If the access token is correct, has not expired and has the right permissions (aka "scopes"), the REST service returns the data the client is asking for.
7) When the client detects that the access_token has expired (e.g. because the REST server returns an error), it asks the authorization server for a new access token using the refresh token, via the so-called refresh token grant/flow.
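The exchange described in the answer above, as an added example that is not part of the original post or the asker's app. It simulates the three parties in one process instead of over HTTP, and it assumes a few things the answer leaves open: the access token is an HS256-signed JWT with a key shared by the authorization server and the REST server (so the REST server validates locally, option two in step 5), the user "alice" and her password are constructed demo data, and the authorization server rotates refresh tokens (each one is single-use). The class and function names (AuthorizationServer, ResourceServer, AndroidApp, fetch_articles, ...) are this example's own.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed demo data (not from the original post): one resource owner, and one
# HMAC key shared by the authorization server and the REST server so the latter
# can validate access tokens locally. A real server would store a password hash.
USERS = {"alice": "correct horse battery staple"}
SIGNING_KEY = b"demo-hs256-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict) -> str:
    """Mint a compact HS256 JWT: header.payload.signature, each base64url-encoded."""
    header = _b64(b'{"alg":"HS256","typ":"JWT"}')
    payload = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"


def verify_jwt(token: str, now: int):
    """Return the claims if the signature is valid and 'exp' is in the future, else None."""
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(sig), expected):
            return None
        claims = json.loads(_unb64(payload))
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims


class AuthorizationServer:
    """Token endpoint for the password grant (step 2/3) and the refresh_token grant (step 7)."""

    def __init__(self, access_ttl: int = 3600):
        self.access_ttl = access_ttl
        self.refresh_tokens = {}  # refresh token -> (username, scope)

    def token_endpoint(self, params: dict, now: int):
        grant = params.get("grant_type")
        if grant == "password":
            user, password = params.get("username"), params.get("password", "")
            if user not in USERS or not hmac.compare_digest(USERS[user].encode(), password.encode()):
                return 400, {"error": "invalid_grant"}
            scope = params.get("scope", "read")
        elif grant == "refresh_token":
            # Rotation (this example's choice): a refresh token is single-use, so a
            # stolen copy stops working once the legitimate client has used it.
            entry = self.refresh_tokens.pop(params.get("refresh_token"), None)
            if entry is None:
                return 400, {"error": "invalid_grant"}
            user, scope = entry
        else:
            return 400, {"error": "unsupported_grant_type"}
        access = sign_jwt({"sub": user, "scope": scope, "iat": now, "exp": now + self.access_ttl})
        refresh = secrets.token_urlsafe(32)
        self.refresh_tokens[refresh] = (user, scope)
        return 200, {"access_token": access, "token_type": "Bearer", "expires_in": self.access_ttl,
                     "refresh_token": refresh, "scope": scope}


class ResourceServer:
    """The REST service (steps 5/6): validates the bearer token locally and enforces scope."""
    ARTICLES = ["Understanding OAuth2 flow"]  # constructed sample data

    def get_articles(self, headers: dict, now: int):
        auth = headers.get("Authorization", "")
        claims = verify_jwt(auth[7:], now) if auth.startswith("Bearer ") else None
        if claims is None:  # missing, forged or expired token: the client must refresh
            return 401, {"error": "invalid_token"}
        if "read" not in claims.get("scope", "").split():
            return 403, {"error": "insufficient_scope"}
        return 200, self.ARTICLES


class AndroidApp:
    """The client: logs in once, sends only the access token, refreshes itself on 401."""

    def __init__(self, auth: AuthorizationServer, rest: ResourceServer):
        self.auth, self.rest = auth, rest
        self.access = self.refresh = None
        self.refresh_count = 0

    def _store(self, status: int, body: dict) -> bool:
        if status != 200:
            return False
        self.access, self.refresh = body["access_token"], body["refresh_token"]
        return True

    def login(self, username: str, password: str, now: int) -> bool:
        return self._store(*self.auth.token_endpoint(
            {"grant_type": "password", "username": username, "password": password, "scope": "read"}, now))

    def refresh_access_token(self, now: int) -> bool:
        self.refresh_count += 1
        return self._store(*self.auth.token_endpoint(
            {"grant_type": "refresh_token", "refresh_token": self.refresh}, now))

    def fetch_articles(self, now: int):
        status, body = self.rest.get_articles({"Authorization": f"Bearer {self.access}"}, now)
        if status == 401 and self.refresh_access_token(now):  # expired: refresh once, then retry
            status, body = self.rest.get_articles({"Authorization": f"Bearer {self.access}"}, now)
        return status, body


def demo() -> dict:
    """Walk the flow: login, a request while the token is fresh, one after it has expired."""
    auth, rest = AuthorizationServer(access_ttl=3600), ResourceServer()
    app = AndroidApp(auth, rest)
    t0 = 1_700_000_000
    logged_in = app.login("alice", "correct horse battery staple", t0)
    fresh = app.fetch_articles(t0 + 10)[0]      # 200, no refresh needed
    expired = app.fetch_articles(t0 + 4000)[0]  # 401 inside -> refresh -> retry -> 200
    return {"login": logged_in, "fresh": fresh, "expired": expired, "refreshes": app.refresh_count}


if __name__ == "__main__":
    print(demo())
```

The part that answers the original question sits in AndroidApp.fetch_articles: the REST server never talks to the authorization server on the client's behalf and never hands out tokens, it only rejects an expired one with 401. The client holds the refresh token, performs the refresh grant itself and retries, so there is nothing to "check in each response" beyond the status code.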