The OAuth 2.0 Client Credentials Flow is a common pattern in microservices architectures for a federated identity model, which nicely decouples the authentication domain from the business domain.
OAuth 2.0 for Mobile Apps and SPAs
In one of my earlier articles on OAuth 2.0, we looked at how the OAuth framework can provide delegated access to the client application by issuing an authorization grant. An authorization grant refers to the way the client application gets the access token. There are various types of authorization grants that can be used depending on …
OpenID Connect (OIDC)
In my earlier post on OAuth 2.0, we looked at how the OAuth framework is meant to be used for delegated access. The framework is meant to provide a universally standard process by which client applications can gain access to a protected resource with a pre-defined authorization scope. The client application can access the resource without …
OAuth 2.0 Demystified
OAuth is a delegated authorization framework that allows an application to access a protected resource without asking for the credentials of the user who owns the resource. It was developed as a specification to standardize the process for applications to gain access to a user's data or for services to authorize access to other services (API authentication and authorization). OAuth …