Resource Owner

Fleeting

OAuth 2.0

Notes pointant ici

• API key vs client id/secret
• Footnotes
• front channel is about UI and the back channel is about converting the outcome of the frontchannel to tokens
• how to deal with permissions in OAuth2?
• making sense of github OIDC flow
• OAuth 2.0
• OpenID Connect
• resource server does not need to know about the resource owner
• the purpose of OAuth 2.0 was to avoid that the client oauth 2.0 sees the resource owner’s password
• the resource owner needs to know the authorization server and trust it
• user consent screen

Permalink