Terminology
OAuth 2.0 is an authorization framework that lets third-party applications access a user's data without ever handling the user's credentials. The key terms used throughout OAuth 2.0 are listed below.
For more extensive details, please visit the official PHP OAuth 2.0 documentation website.
Understanding these terms is essential for implementing OAuth 2.0 securely and effectively across different applications and services.
| Term | Description |
|---|---|
| Resource Owner (User) | The entity that owns the protected resource and can grant a client (app) access to it. |
| Access Token | A credential representing the authorization the resource owner granted to the client. The client presents it to the resource server to access protected resources. |
| Client (App) | The application requesting access to a protected resource on behalf of the resource owner. This could be a web application, mobile app, or backend service. |
| Authorization Server | The server that authenticates the resource owner and, after successful authentication and consent, issues access tokens to the client. |
| Resource Server | The server hosting the protected resources the client wants to access. It validates the access token and serves the requested resources only if the token is valid. |
| Authorization Grant | The mechanism the client uses to obtain an access token from the authorization server. Common grant types are authorization code, implicit, password (resource owner credentials), and client credentials. |
| Redirect URI | The URI to which the authorization server redirects the user-agent (e.g., web browser) after authentication or authorization. The redirect typically carries the authorization code or access token. |
| Scope | A permissions parameter that specifies which resources and operations the client may use on behalf of the resource owner. |
| Refresh Token | A token used to obtain a new access token when the current one expires, so the client can keep accessing resources without the user logging in again. |
| Bearer Token or JWT | A bearer token grants access to whoever presents it to the resource server. A JSON Web Token (JWT), defined in RFC 7519, is a common format for such tokens that represents claims securely between two parties. |
✨ Here is a short animation of the OAuth 2.0 authorization code flow that should boost your understanding of the overall authorization process.
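To make the terms above concrete, here is an added example (not code from the original page or from any OAuth 2.0 library) that simulates the authorization code flow in memory: a client registered with an authorization server, a resource owner who consents, a single-use authorization code, an access token checked by a resource server against the requested scope, and a refresh token exchange. The client id and secret, redirect URI, `profile:read` scope and user profile data are all constructed for this example; in a real deployment each step is an HTTPS request between separate parties.

```python
# Added example, not from the original page: in-memory simulation of the
# OAuth 2.0 authorization code flow. Client id/secret, redirect URI, scope
# name and profile data are constructed values.
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

REDIRECT_URI = "https://app.example.test/callback"  # constructed redirect URI


class AuthorizationServer:
    """Authenticates the resource owner and issues codes and tokens to clients."""

    def __init__(self):
        self.clients = {}         # client_id -> {"secret", "redirect_uri"}
        self.codes = {}           # authorization code -> grant details (single use)
        self.access_tokens = {}   # access token -> {"user", "scope", "expires"}
        self.refresh_tokens = {}  # refresh token -> {"client_id", "user", "scope"}

    def register_client(self, client_id, client_secret, redirect_uri):
        self.clients[client_id] = {"secret": client_secret, "redirect_uri": redirect_uri}

    def authorize(self, client_id, redirect_uri, scope, state, resource_owner):
        """Authorization endpoint: the (already logged-in) owner consents and the
        user-agent is redirected back with a short-lived, single-use code."""
        client = self.clients.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            raise PermissionError("unknown client or redirect_uri mismatch")
        code = secrets.token_urlsafe(16)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "user": resource_owner, "scope": scope,
                            "expires": time.time() + 60}
        return redirect_uri + "?" + urlencode({"code": code, "state": state})

    def token(self, grant_type, client_id, client_secret, code=None,
              redirect_uri=None, refresh_token=None):
        """Token endpoint: authenticates the client, then exchanges a grant."""
        client = self.clients.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            raise PermissionError("invalid_client")
        if grant_type == "authorization_code":
            grant = self.codes.pop(code, None)  # pop: a code is redeemable once
            if (grant is None or grant["client_id"] != client_id
                    or grant["redirect_uri"] != redirect_uri
                    or grant["expires"] < time.time()):
                raise PermissionError("invalid_grant")
        elif grant_type == "refresh_token":
            grant = self.refresh_tokens.pop(refresh_token, None)  # rotate on use
            if grant is None or grant["client_id"] != client_id:
                raise PermissionError("invalid_grant")
        else:
            raise ValueError("unsupported_grant_type")
        return self._issue(client_id, grant["user"], grant["scope"])

    def _issue(self, client_id, user, scope):
        access, refresh = secrets.token_urlsafe(24), secrets.token_urlsafe(24)
        self.access_tokens[access] = {"user": user, "scope": scope,
                                      "expires": time.time() + 3600}
        self.refresh_tokens[refresh] = {"client_id": client_id, "user": user, "scope": scope}
        return {"access_token": access, "token_type": "Bearer", "expires_in": 3600,
                "refresh_token": refresh, "scope": scope}

    def introspect(self, access_token):
        info = self.access_tokens.get(access_token)
        if info is None or info["expires"] < time.time():
            return {"active": False}
        return {"active": True, **info}


class ResourceServer:
    """Serves the protected resource only for tokens the auth server vouches for."""

    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.profiles = {"alice": {"email": "alice@example.test"}}  # constructed data

    def get_profile(self, authorization_header):
        scheme, _, token = authorization_header.partition(" ")
        if scheme != "Bearer" or not token:
            raise PermissionError("invalid_request")
        info = self.auth_server.introspect(token)
        if not info["active"] or "profile:read" not in info["scope"].split():
            raise PermissionError("insufficient_scope")
        return self.profiles[info["user"]]


def run_flow():
    """Plays the client's side of the flow and reports what happened."""
    auth = AuthorizationServer()
    auth.register_client("demo-app", "demo-secret", REDIRECT_URI)  # constructed client
    resource = ResourceServer(auth)
    state = secrets.token_urlsafe(8)  # binds the callback to this client session
    callback = auth.authorize("demo-app", REDIRECT_URI, "profile:read", state, "alice")
    params = parse_qs(urlparse(callback).query)
    if params["state"][0] != state:
        raise PermissionError("state mismatch: callback not from this session")
    code = params["code"][0]
    tokens = auth.token("authorization_code", "demo-app", "demo-secret",
                        code=code, redirect_uri=REDIRECT_URI)
    profile = resource.get_profile("Bearer " + tokens["access_token"])
    try:  # redeeming the same code a second time must be refused
        auth.token("authorization_code", "demo-app", "demo-secret",
                   code=code, redirect_uri=REDIRECT_URI)
        replay_rejected = False
    except PermissionError:
        replay_rejected = True
    renewed = auth.token("refresh_token", "demo-app", "demo-secret",
                         refresh_token=tokens["refresh_token"])
    return {"profile": profile, "replay_rejected": replay_rejected,
            "refreshed": renewed["access_token"] != tokens["access_token"]}
```

Running `run_flow()` walks through every role in the table: the `state` check ties the redirect back to the session that started it, the code is popped on first use so a replayed code fails with `invalid_grant`, the resource server refuses tokens that are expired or lack the `profile:read` scope, and the refresh token is rotated each time it is exchanged.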
