Communication endpoints
Authorization endpoint
Service provided by the OAuth server.
Authenticates the resource owner (the user).
Asks for the delegation of access rights to its protected resources to the client.
Send an authorization grant to the redirection endpoint.
Token endpoint
Service provided by the OAuth server.
Produces access tokens given an authorization grant.
It can also produce refresh tokens.
Refresh tokens can be used to get new tokens.
With an authorization grant.
Client authentication.
ClientID + ClientSecret + HTTP basic authentication.
Redirect endpoint
Service provided by the client.
It collects the authorization grant provided by the OAuth server.
It should be called by the OAuth server using an HTTP redirect.
Last updated