- Register your application to get a client_id and client_secret.
- Ask the client if they want to sign in via a third 1. party.
- Redirect to a third party authentication endpoint.
- Make a request to a third-party API endpoint
- Receive authorization code.
- Make a request to the access token endpoint.
- Receive access token
is an alphanumeric password that authorizes its user to purchase, sell or transfer items, or to enter information into a security-protected space. An authorization code is typically a sequence of letters, numbers, or a combination of both, that validates a person's identity, approves a transaction or provides access to a secured area.
Access tokens are the thing that applications use to make API requests on behalf of a user. The access token represents the authorization of a specific application to access specific parts of a user’s data. The token endpoint is where apps make a request to get an access token for a user. This section describes how to verify token requests and how to return the appropriate response and errors.
- enables apps to obtain limited access (scopes) to a user's data without giving away a user's password.
- created as a response to the direct authentication pattern.
- create a better system for the web
- federated identity was created for single sign-on (SSO).
a unique identifier for a browser–device pair that helps Google Analytics link user actions on a site.
is a secret known only to your application and the authorization server.
is a security mechanism designed to ensure that only authorized devices can connect to a given network, site or service.
is where apps make a request to get an access token for a user.
is a point at which an application program interface (API)
is a temporary code that the client will exchange for an access token.
are the thing that applications use to make API requests on behalf of a user.
Email: ibrahem.omari96@gmail.com