Reading Notes
a. Register your application to get a client_id and client_secret b. Receive authorization code c. Ask the client if they want to sign in via a third party d. Redirect to third party authorization e. Make a request to the access token endpoint f. Receive access token g. Make a request to a third_party API endpoint
What can you do with an authorization code? Temp code that a user will exchange for an access token
What can you do with an access token? Provide temporary secure access to make API calls
What’s a benefit of using OAuth instead of your own basic authentication? allows app to read user data from other applications, multi-platform, server-side that does not interact with user credentials
Client ID publicly available app identifier which allows for interaction with outside API’s
Client Secret secret key known to the application and the authorization server
Authentication Endpoint route that can be used to request access tokens or authorization codes
Access Token Endpoint route to request an access token
API Endpoint route by which an API interacts with another application
Authorization Code Temp code that a user will exchange for an access token
Access Token Provide temporary secure access to make API calls