Write the following steps in the correct order:
Register your application to get a client_id and client_secret
Receive authorization code
Make a request to a third-party API endpoint
Ask the client if they want to sign in via a third party
Receive access token
Make a request to the access token endpoint
Redirect to a third party authentication endpoint
^^^^^???????^^^^^
What can you do with an authorization code?
You can use it to give the user a preview of what information they are requesting so that they can approve or deny the request. If they approve it, they will exchange it for an access token.
What can you do with an access token?
You can use it as a more secure way of passing the authorization code for a user so a hacker can’t access it.
What’s a benefit of using OAuth instead of your own basic authentication?
It’s more secure because it uses encryption.
Client ID - public identifier for applications that is unique for all clients a server handles
Client Secret - a server-generated random secret known only by the app and auth server
Authentication Endpoint - used to request access tokens or auth codes
Access Token Endpoint - Requested endpoint that gives users an access token
API Endpoint - Where an API sends requests for data
Authorization Code - What the user approves/denies in return for an access token to an API endpoint
Access Token - unique to each user to have access to an API endpoint