When using OAuth2 and OpenID Connect, it is important to understand how the authorization flow takes place, who calls the Authorization Server, and how to store the tokens. Part 1, "OAuth2 and OpenID Connect, a gentle and working introduction", focuses on integrating your first application with an OpenID Connect server (Dex) and experiencing the Authorization Code Flow with an external provider.

It is a temporary code returned by the Authorization Server to the client, which exchanges it for an access token.

For every HTTP call, the request must include a “header” named “Authorization” with a value starting with “Bearer” and followed by the token. This is called bearer authentication, in the sense that it means “give access to the bearer of this token”.
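
As an added example (not code from the article), here is how a resource server can check the syntax of that header as defined in RFC 6750 before it validates the token itself. The names `parse_bearer`, `redact`, `REALM` and `SAMPLE_TOKEN` are hypothetical, and the sample requests are constructed.

```python
import re

# RFC 6750 section 2.1 syntax: "Bearer" 1*SP b64token
B64TOKEN = re.compile(r"[A-Za-z0-9._~+/-]+=*")
REALM = "example-api"  # assumed realm name, for illustration only

def parse_bearer(headers):
    """Return (status, www_authenticate, token) for a list of (name, value) pairs.

    A list of pairs is used instead of a dict so that a duplicated
    Authorization header stays visible rather than being silently merged.
    """
    values = [v for name, v in headers if name.lower() == "authorization"]
    if not values:
        # No credentials at all: challenge without an error code.
        return 401, f'Bearer realm="{REALM}"', None
    if len(values) > 1:
        return 400, _error("invalid_request"), None
    scheme, _, rest = values[0].strip().partition(" ")
    if scheme.lower() != "bearer":  # auth scheme names are case-insensitive
        return 401, f'Bearer realm="{REALM}"', None
    token = rest.lstrip(" ")
    if not B64TOKEN.fullmatch(token):
        # Empty token, embedded spaces, control characters, and so on.
        return 400, _error("invalid_request"), None
    # Syntax is fine. The caller must still validate the token itself
    # (signature or introspection, expiry, audience) before granting access.
    return 200, None, token

def _error(code):
    return f'Bearer realm="{REALM}", error="{code}"'

def redact(value):
    """Mask a header value for logging: a logged bearer token is a usable credential."""
    scheme, _, rest = value.partition(" ")
    return f"{scheme} <redacted:{len(rest.strip())} chars>" if rest else scheme

# Constructed sample requests (not from the article).
SAMPLE_TOKEN = "c2FtcGxl.dG9rZW4.ZXhhbXBsZQ"
if __name__ == "__main__":
    for hdrs in (
        [("Authorization", f"Bearer {SAMPLE_TOKEN}")],
        [("authorization", f"bearer   {SAMPLE_TOKEN}")],
        [("Authorization", "Bearer")],
        [("Authorization", "Basic dXNlcjpwYXNz")],
        [],
    ):
        print([(n, redact(v)) for n, v in hdrs], "->", parse_bearer(hdrs)[:2])
```

Because possession of the token is the only proof required, the `redact` helper keeps it out of logs, and a 200 result here means only that the header is well formed.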

It might seem complicated but for those of us familiar with Kerberos and GSSAPI, it is indeed much easier to grasp.