oauth tutorial - OAuth User Agent - oauth2 tutorial - oauth authentication



What is User Agent in OAuth 2.0?

  • A user agent application is a client application written in a scripting language such as JavaScript that runs in a browser.
  • A typical instance is a JavaScript application running in a browser.
  • A user agent application may be stored on a web server, but it runs in the user agent only once it has been downloaded.
  • The user agent application can be stored on the web server.
  • The following diagram shows the architecture of the public client user agent application.
[Figure: OAuth user agent example]

Description of the example

  • First, the user accesses the resources of the resource owner by using an authenticating application such as Google, Facebook, Twitter, etc.
  • Then, the resource owner provides the client ID and client password to log on to the public client user agent application.
  • Then, the public client user agent application provides an instance of a JavaScript application running in a browser and links to the web hosting client.
  • The authorization server allows access to the resources from the resource server using the client credentials.
  • The resource server contains the resources, which are owned by the resource owner.
  • The web hosting client is used by a public client application that resides on the computer.
  • It’s also used by public client apps running in a browser using a scripting language such as JavaScript.
  • These public client apps can protect user secrets, but because the apps are widely distributed, the client secret can’t be confidential.
  • The resource server uses the username-password authentication flow to authenticate when the customer already has the user’s credentials.
[Figure: OAuth user agent application and Salesforce example]

  • In this diagram, the user’s credentials are used by the application to request an access token.
  • The application uses the user’s username and password to request an access token.
  • This is done through an out-of-band POST request to the appropriate Salesforce token request endpoint.
  • Salesforce verifies the user credentials and, if verification succeeds, sends a response to the application with the access token.
  • The application uses the provided access token to access protected user data which is given
  • The Web server authentication flow and user-agent flow provide a refresh token which can be used to obtain a new access token.
  • Access tokens have a limited lifetime which is specified by the session timeout in Salesforce.
  • If the application uses an expired access token, a “Session expired or invalid” error is returned.
  • If the application is using the Web server or user-agent authentication flows, a refresh token is provided during the authorization which can be used to get a new access token.
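
The expiry handling described in the last three points, as an added example that is not part of the original tutorial or of Salesforce's code: a client that sees “Session expired or invalid” uses its refresh token once and retries once. The in-memory server, the `/token` and `/data` paths, the token values, the response shapes and the synchronous injected `send` transport are all constructed so the example runs offline; a browser build would wrap `fetch` and make these functions async.

```javascript
const EXPIRED = "Session expired or invalid";

// Constructed in-memory stand-in for the token endpoint and resource server.
function makeFakeServer() {
  const valid = new Set(["AT-1"]);
  let issued = 1;
  return {
    expire(token) { valid.delete(token); },
    send(req) {
      if (req.url === "/token") {
        const p = new URLSearchParams(req.body);
        if (p.get("grant_type") !== "refresh_token" || p.get("refresh_token") !== "RT-1") {
          return { status: 400, body: { error: "invalid_grant" } };
        }
        const token = `AT-${++issued}`;
        valid.add(token);
        return { status: 200, body: { access_token: token } };
      }
      const presented = (req.headers.Authorization || "").replace(/^Bearer /, "");
      return valid.has(presented)
        ? { status: 200, body: { records: ["protected user data"] } }
        : { status: 401, body: { message: EXPIRED } };
    },
  };
}

// Client: tokens live in memory only; no client secret is sent (public client).
function makeClient(send, tokens, clientId) {
  function refresh() {
    const body = new URLSearchParams({
      grant_type: "refresh_token",
      refresh_token: tokens.refresh,
      client_id: clientId,
    }).toString();
    const res = send({ url: "/token", method: "POST", headers: {}, body });
    if (res.status !== 200) throw new Error("refresh rejected: user must re-authorize");
    tokens.access = res.body.access_token;
  }
  function get(url) {
    const call = () => send({ url, method: "GET", headers: { Authorization: `Bearer ${tokens.access}` } });
    let res = call();
    if (res.status === 401 && res.body.message === EXPIRED) {
      refresh(); // exactly one refresh and one retry, so a dead token cannot cause a loop
      res = call();
    }
    return res;
  }
  return { get, refresh };
}
```

If the refresh itself is rejected, the client throws and keeps the old token state instead of retrying, which is the point at which the user has to go through authorization again.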
