Receiving grants
OAuth 2.0 allows a third-party website to access a limited, selected set of a user's information held on another website. There are different kinds of authorization flows; two common ones are as follows:
- Authorization grant
- Implicit grant
We'll have a look at them in the following sub-sections.
Authorization grant
An authorization grant consists of an authorization link, which looks like the following:
https://www.example.com/oauth/authorize?response_type=code&client_id=CLIENT_ID&redirect_uri=CALLBACK_URL&scope=read
Let's break down the different components here:
- response_type: When set to code, the OAuth authorization server expects the grant to be of authorization grant type
- client_id: This is the client ID/app ID of the application
- redirect_uri: This contains a URL in percent-encoded form, and after the initial flow is complete, the authorization server redirects the flow to the specified URL
- scope: This refers to the level of access needed...
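The following is an added example, not code from the original text: it builds the authorization link from the four components above and shows the checks an authorization server would apply to each one before redirecting. The client registry, the callback URL https://client.example.org/callback and the function names are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample registration; every value here is a placeholder assumption.
REGISTERED_CLIENTS = {
    "CLIENT_ID": {
        "redirect_uris": {"https://client.example.org/callback"},
        "scopes": {"read"},
    }
}

def build_authorize_url(client_id, redirect_uri, scope):
    """Assemble the link; urlencode percent-encodes redirect_uri."""
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
    })
    return "https://www.example.com/oauth/authorize?" + query

def validate_authorize_request(url):
    """Return (ok, reason) for an incoming authorization link."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    # Each parameter must appear exactly once; duplicates are ambiguous.
    for name in ("response_type", "client_id", "redirect_uri", "scope"):
        if len(params.get(name, [])) != 1:
            return False, f"{name} missing or repeated"
    if params["response_type"][0] != "code":
        return False, "unsupported response_type"
    client = REGISTERED_CLIENTS.get(params["client_id"][0])
    if client is None:
        return False, "unknown client_id"
    # Exact string match against the registered callback, never prefix matching.
    if params["redirect_uri"][0] not in client["redirect_uris"]:
        return False, "redirect_uri not registered"
    # scope is a space-separated list; every entry must be allowed for the client.
    requested = set(params["scope"][0].split())
    if not requested or not requested <= client["scopes"]:
        return False, "scope not allowed"
    return True, "ok"
```

Rejecting a redirect_uri that is not an exact match for a registered value keeps the authorization code from being delivered to a URL the client never registered.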