Reading-Notes
Class 07 Summary :
Bearer Authorization :
Write the following steps in the correct order :
- Register your application to get a client_id and client_secret.
- Ask the client if they want to sign in via a third party.
- Redirect to a third party authentication endpoint.
- Make a request to a third-party API endpoint
- Receive authorization code.
- Make a request to the access token endpoint.
- Receive access token
What can you do with an authorization code?
- For Authorization Code grant type, the first step is to issue an auth code to the client. The client will then get back with the auth code and client credentials to request for a token.
What can you do with an access token?
- it will include that token as a credential when making API requests. To do so, it should transmit the access token to the API as a Bearer credential in an HTTP Authorization header.
What’s a benefit of using OAuth instead of your own basic authentication?
- It allows you to read data of a user from another application.
- It supplies the authorization workflow for web, desktop applications, and mobile devices.
- Is a server side web app that uses authorization code and does not interact with user credentials.
- It gives users more control over their data; they can selectively grant access to various functionalities for applications they want to use.
| Term | |
|---|---|
| Client ID | is a public identifier for apps. Even though it’s public, it’s best that it isn’t guessable by third parties, so many implementations use something like a 32-character hex string. |
| Client Secret | is a secret known only to the application and the authorization server. |
| Authentication Endpoint | Use the authentication endpoint to specify an endpoint that is called to obtain an access token which can then be used in the subsequent password update callouts. |
| Access Token Endpoint | A token endpoint is an HTTP endpoint that micropub clients can use to obtain an access token given an authorization code. |
| API Endpoint | is one end of a communication channel. When an API interacts with another system, the touchpoints of this communication are considered endpoints. For APIs, an endpoint can include a URL of a server or service. |
| Authorization Code | is an alphanumeric password that authorizes its user to purchase, sell or transfer items, or to enter information into a security-protected space. |
| Access Token | are the thing that applications use to make API requests on behalf of a user. The access token represents the authorization of a specific application to access specific parts of a user’s data. |
What is JSON Web Token?
- “is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed”.
When should you use JSON Web Tokens?
- Authorization
- Information Exchange
What is the JSON Web Token structure?
- Header
- Payload
- Signature
