rest - Understanding OAuth2 flow


I'm developing an Android app that consumes a REST service that uses the OAuth protocol. In the first activity, the app shows a login screen. This is the flow:

1) The user enters the username and password.

2) The app makes a request to the REST service, providing the username and password.

3) The REST service checks the credentials and, if they are correct, asks the OAuth2 provider server for an access_token.

4) The REST service answers the app, providing the access_token and refresh_token.

5) In the next requests to the REST server (to get data like people, articles...), the app will provide the access_token and refresh_token.

6) When the REST service processes a request, it will validate the access_token (using the token info endpoint of the OAuth server).

7) If the access_token is correct and has not expired, the REST service will return the data the app is asking for.

When the REST service detects that the access_token has expired, it asks for another one using the refresh_token.

Now, my questions:

When the REST service retrieves a new access_token after the old one expires, does the REST service have to send it to the app in the response?

If so, does the app have to check, in each request/response, whether a new access_token has been sent by the REST service?

I don't know if I'm on the right track; I'm trying to understand the flow.

Thanks.

Assuming there's no browser involved and the app (aka. the client) uses what is called the Resource Owner Password Credentials grant, the flow is:

  1. The user (aka. the resource owner) provides his/her username and password to the client

  2. The client makes a token request to the authorization server, providing the username and password

  3. The authorization server checks the credentials and, if they are correct, provides an access token and optionally a refresh token to the client in the response

  4. In requests to the REST server (to get data like people, articles...), the client will provide the access token

  5. When the REST service processes a request, it will validate the access token by calling the token validation endpoint of the authorization server or by validating the token locally (e.g. if the access token is a JWT).

  6. If the access token is correct, has not expired and has the right permissions (aka. "scopes"), the REST service will return the data the client is asking for

  7. When the client detects that the access_token has expired (e.g. because the REST server returns an error), it asks the authorization server for a new access token using the refresh token, using the so-called refresh token grant/flow
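The flow described in the answer above, as an added in-memory simulation that is not part of the original answer: the client holds both tokens, sends only the access token to the REST service, and redeems the refresh token at the authorization server when the REST service answers 401. The class and function names, the sample account, the explicit `now` clock and the single-use refresh-token rotation are all assumptions made for this example.

```python
import hmac, secrets

class AuthServer:
    """Toy in-memory authorization server (constructed for this example)."""
    def __init__(self, ttl=3):
        self.ttl, self.access, self.refresh = ttl, {}, {}
        self.users = {"alice": "correct horse"}  # constructed sample account

    def _issue(self, user, now):
        at, rt = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.access[at] = (user, now + self.ttl)
        self.refresh[rt] = user
        return {"access_token": at, "refresh_token": rt, "expires_in": self.ttl}

    def token(self, now, grant_type, **p):
        if grant_type == "password":  # resource owner password credentials grant
            stored = self.users.get(p["username"])
            if stored and hmac.compare_digest(stored.encode(), p["password"].encode()):
                return self._issue(p["username"], now)
        elif grant_type == "refresh_token" and p["refresh_token"] in self.refresh:
            # Assumption: this toy server rotates refresh tokens (single use).
            return self._issue(self.refresh.pop(p["refresh_token"]), now)
        return {"error": "invalid_grant"}

    def introspect(self, token, now):  # stands in for the token validation endpoint
        user, exp = self.access.get(token, (None, 0))
        return {"active": user is not None and now < exp, "username": user}

def rest_api(auth, now, bearer):
    """REST service: receives only the access token and validates it."""
    info = auth.introspect(bearer, now)
    if not info["active"]:
        return 401, {"error": "invalid_token"}
    return 200, {"articles": ["a1", "a2"], "user": info["username"]}

class Client:
    """The app: holds both tokens, sends only the access token to the API."""
    def __init__(self, auth, username, password, now):
        self.auth, self.refreshes = auth, 0
        self.tokens = auth.token(now, "password", username=username, password=password)

    def get(self, now):
        status, body = rest_api(self.auth, now, self.tokens.get("access_token", ""))
        if status == 401 and "refresh_token" in self.tokens:
            new = self.auth.token(now, "refresh_token", refresh_token=self.tokens["refresh_token"])
            if "error" in new:
                return 401, new  # refresh failed: the user must log in again
            self.tokens, self.refreshes = new, self.refreshes + 1
            status, body = rest_api(self.auth, now, self.tokens["access_token"])
        return status, body
```
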

