Closed miniluz closed 5 months ago
Having read it, I have decided to only support the authorization code grant. It seems sufficient for what I want with this project.
As I've been unable to find a proper graph for the flow, I will insert from the RFC verbatim here:
```
     +----------+
     | Resource |
     |   Owner  |
     |          |
     +----------+
          v
          |
         (B)
     +----|-----+          Client Identifier      +---------------+
     |         -+----(A)-- & Redirection URI ---->|               |
     |  User-   |                                 | Authorization |
     |  Agent  -+----(B)-- User authenticates --->|     Server    |
     |          |                                 |               |
     |         -+----(C)-- Authorization Code ---<|               |
     +-|----|---+                                 +---------------+
       |    |                                         ^      v
      (A)  (C)                                        |      |
       |    |                                         |      |
       ^    v                                         |      |
     +---------+                                      |      |
     |         |>---(D)-- Authorization Code ---------'      |
     |  Client |          & Redirection URI                  |
     |         |                                             |
     |         |<---(E)----- Access Token -------------------'
     +---------+       (w/ Optional Refresh Token)
```
The following endpoints thus need to be implemented, each one with their own issues:
Read the OAuth 2.0 RFC-6749 and write down what you actually need to implement.
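The steps (A) to (E) of the diagram as an in-memory exchange between client and authorization server, written as an added example for this issue rather than code from the project. It assumes a single pre-registered confidential client with constructed values, and shows the checks RFC 6749 section 4.1 hangs on each step: exact redirect_uri match, an echoed state, client authentication at the token endpoint, and a short-lived single-use code bound to the client and redirect URI that issued it.

```python
import secrets, time
from urllib.parse import urlencode, urlparse, parse_qs
# Constructed registration for one confidential client (hypothetical values).
CLIENTS = {"app-123": {"secret": "s3cret", "redirect_uri": "https://app.example/cb"}}
CODE_TTL = 600  # RFC 6749 4.1.2: a code should live at most 10 minutes

class AuthorizationServer:
    def __init__(self):
        self.codes = {}  # code -> binding data; every code is single-use

    def authorize(self, query, user_authenticates=True):
        # (A)-(C): validate the authorization request, redirect back with a code
        q = parse_qs(query)
        client_id, redirect = q.get("client_id", [None])[0], q.get("redirect_uri", [None])[0]
        client = CLIENTS.get(client_id)
        if client is None or q.get("response_type") != ["code"]:
            raise ValueError("invalid_request")
        if redirect != client["redirect_uri"]:  # exact match with the registered URI
            raise ValueError("invalid_request: redirect_uri mismatch")
        if not user_authenticates:  # step (B) failed or was refused
            raise ValueError("access_denied")
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect,
                            "expires": time.time() + CODE_TTL}
        # state is echoed unchanged so the client can match the response to its request
        params = {"code": code, **({"state": q["state"][0]} if "state" in q else {})}
        return redirect + "?" + urlencode(params)

    def token(self, client_id, client_secret, code, redirect_uri):
        # (D)-(E): authenticate the client, consume the code, issue a token
        client = CLIENTS.get(client_id)
        if client is None or not secrets.compare_digest(client_secret, client["secret"]):
            raise ValueError("invalid_client")
        grant = self.codes.pop(code, None)  # pop: a replayed code must fail
        if grant is None or grant["expires"] < time.time():
            raise ValueError("invalid_grant")
        if grant["client_id"] != client_id or grant["redirect_uri"] != redirect_uri:
            raise ValueError("invalid_grant")  # code bound to another client or URI
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer", "expires_in": 3600}

def run_flow(server, client_id="app-123", secret="s3cret"):
    # Client side: (A) build the request, (C) check state, (D) redeem the code
    state, redirect_uri = secrets.token_urlsafe(16), CLIENTS[client_id]["redirect_uri"]
    location = server.authorize(urlencode({"response_type": "code", "client_id": client_id,
                                           "redirect_uri": redirect_uri, "state": state}))
    resp = parse_qs(urlparse(location).query)
    if resp.get("state", [None])[0] != state:  # unmatched state: discard the response
        raise ValueError("state mismatch")
    return server.token(client_id, secret, resp["code"][0], redirect_uri)
```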