Bearer Authentication
Write the following steps in the correct order
- Register your application to get a client_id and client_secret
- Ask the client if they want to sign in via a third party
- Make a request to a third-party API endpoint
- Receive access token
- Receive authorization code
- Make a request to the access token endpoint
- Redirect to a third party authentication endpoint
What can you do with an authorization code?
- conduct transactions or access restricted data/spaces
What can you do with an access token?
- access an API
What’s a benefit of using OAuth instead of your own basic authentication?
- more secure
- easier
Document the following Vocabulary Terms
- Client ID: public identifier for the application which is unique to each client
- Client Secret: value kept secret by the app and server
- Authentication Endpoint: where the user verifies their identity
- Access Token Endpoint: where an authorization code can be exchanged for an access token
- API Endpoint: where the API requests resources from the server