OAuth Part 3 – Clients and Protocol Endpoints

What is the client? This may seem a little trivial, but it could cause confusion for some, so we’re going to go into it briefly. The client is the thing running the code that talks to the authorization and resource servers on behalf of the user. If the code is running on a…


OAuth 2.0 Part 2 – The Four Party Diagram

Understanding the Four Party Diagram: In the last post, we made it through defining the four roles represented in the four party diagram. Now we’re going to dig into the arrows that represent information flowing between the parties. Authorization Request: This is conceptually straightforward. The client needs to ask the resource owner for…


OAuth 2.0 Part I – In the beginning

Yes, another OAuth Post… I never really found the OAuth post that explained it at the level of detail I wanted so I really understood it. I’m attacking this using the actual spec itself as there is a ton of interesting stuff in there. You really should read it, it’s actually not that bad to…
