reading-notes

Reading notes for Code Fellows!


Project maintained by William-Moreno Hosted on GitHub Pages — Theme by mattgraham

Bearer Authorization


Write the Following Steps in Order

  1. Register your application to get a client_id and client_secret
  2. Ask the client if they want to sign in via a third party
  3. Redirect to a third-party authentication endpoint
  4. Make a request to a third-party API endpoint
  5. Receive authorization code
  6. Make a request to the access token endpoint
  7. Receive access token

What Can You Do With an Authorization Code?

An authorization code is a temporary code that the client will exchange for an access token. “Authorization Code Grant”

What Can You Do With an Access Token?

Access tokens are the thing that applications use to make API requests on behalf of a user. The access token represents the authorization of a specific application to access specific parts of a user’s data. “Access Tokens”

What is a Benefit of Using OAuth Instead of Your Own Basic Authentication?

The access to the resources is realized via HTTP / HTTPS with the token indicated in the headers. This allows OAuth usage in almost any solution: in mobile and desktop applications, on various sites, and even in browser plug-ins. “Oauth 2.0 Basic Understanding”

Vocabulary Terms

| Vocabulary Term | Definition |
| --- | --- |
| Client ID | The client_id is a public identifier for apps. It must be unique across all clients that the authorization server handles. “The Client ID and Secret” |
| Client Secret | The client_secret is a secret known only to the application and the authorization server. It must be sufficiently random to not be guessable. “The Client ID and Secret” |
| Authentication Endpoint | The authorization endpoint can be used to request either access tokens or authorization codes (implicit and authorization code flow). “Authorization/Authentication Endpoint” |
| Access Token Endpoint | The token endpoint is used by the application in order to get an access token or a refresh token. In the Authorization Code Flow, the application exchanges the authorization code it got from the authorization endpoint for an access token. “OAuth 2.0 Authorization Framework” |
| API Endpoint | Simply put, an endpoint is one end of a communication channel. When an API interacts with another system, the touchpoints of this communication are considered endpoints. For APIs, an endpoint can include a URL of a server or service. Each endpoint is the location from which APIs can access the resources they need to carry out their function. “API Endpoints - What Are They? Why Do They Matter?” |
| Authorization Code | The authorization code is a temporary code that the client will exchange for an access token. The code itself is obtained from the authorization server where the user gets a chance to see what information the client is requesting, and approve or deny the request. “Authorization Code Grant” |
| Access Token | Access tokens are the thing that applications use to make API requests on behalf of a user. The access token represents the authorization of a specific application to access specific parts of a user’s data. “Access Tokens” |

3 Things I Had Previously Heard of and Now Have Better Clarity On

  1. JWTs are smaller and more compact, making them a good choice to pass in HTML and HTTP
  2. JWTs are a stateless solution for authentication, which is why they are perfect for RESTful APIs
  3. Do not keep sensitive data in a JWT

3 Things I Am Hoping to Learn More About in the Upcoming Lecture

  1. How JWT works as a single token and avoids querying the database multiple times for multiple requests
  2. How the ‘secrets’ are determined for a JWT token
  3. The token verification process

I Am Most Excited About Trying to Implement or See How These Work:
