oauth tutorial - OAuth Authorization Response - oauth2 tutorial - oauth authentication
What is Authorization Response in OAuth 2.0?
- The authorization response is used to get the access token for accessing the user resources in the system by using the authorization code.
- The access token is given by the authorization server when it accepts the client ID, client password and authorization code sent by the client application.
- The authorization response is given by the authorization server, which allows accessing the request by using the access token which is given by the user.
- The authorization response contains the authorization code needed to obtain an access token. Here are the parameters included in the response:
Code:This parameter contains the authorization code which the client will later exchange for an access token.
state: If the initial request contained a state parameter, the response must also include the exact value from the request. The client will be using this to associate this response with the initial request.
Example
HTTP/1.1 302 Found
Location: https://oauth2client.com/redirect?code=g0ZGZmNjVmOWI&state=dkZmYxMzE2click below button to copy the code. By - oauth tutorial - oauth2 tutorial - team
- If the response is valid and the user grants the authorization response, the authorization server generates an authorization code and redirects the user back to the client web application.
Authorization Error Response
- If there is an error which occurs in the authorization code, then this response is used and hence this is known as Authorization Error Response.
- There are two cases in which the authorization server should display an error message directly:
- Case 1:If the client id which is given is invalid, then the error message will occur
- Case 2:If the redirect uri given is invalid, then the error message will be displayed.
- There are two situations where an error occurs during authorization, two situations can occur.
- The first situation is that the client is not authenticated or recognized by the authorization server. Then, the authorization server must not redirect the resource owner to the redirect URI.
- The second situation is that client is authenticated correctly, but some other error comes. In that case the following error response is sent to the client, which is included in the redirect URI:
| error | It is required and it can be given as one of a set of predefined error codes. |
| error_description | Error Description is a human-readable UTF-8 encoded text while describing the error. |
| error_uri | Error URI is pointing to a human-readable web page with the information about the error. |
Authorization Grant Type Response
- With the help of authorization grant, the authorization server generates an access token immediately and redirects to the callback URL with the token and other parameters which is given in the fragment.
- Here is an example which is given in the authorization server which redirects the user by sending the following HTTP response
Example:
HTTP/1.1 302 Found
Location: https://example-app.com/redirect#access_token=MyMzFjNTk2NTk4ZTYyZGI3
&state=dkZmYxMzE2
&token_type=bearer
&expires_in=86400