Overview
This page describes the OAuth Protocol integration steps.
OAuth Explained
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.
Authorization Grant
An authorization grant is a credential, presented to the authorization server in exchange for an access token which represents the resource owner’s authorization to access a resource. There are 3 types of authorization grants supported by Penn State’s OAuth Server.
From the OAuth2 Spec:
An authorization grant is a credential representing the resource owner’s authorization (to access its protected resources) used by the client to obtain an access token.
The original OAuth2 specification defines 4 grantTypes, and the ability to extend the spec to provide additional grantTypes. The OAuth2 Assertion framework defines 2 additional grantTypes: SAML and JWT. The JWT assertion type is supported in this implementation.
Grant Types:
- Authorization Code
- Implicit
- Client Credentials
- Password
- JWT Assertions
- SAML Assertions (Not Supported)
Request
POST /oauth/api/token HTTP/1.1
Host: dev.apps.psu.edu
Accept: application/json
Cache-Control: no-cache
Postman-Token: 12aab471-73b0-0744-d70c-b12703eb21b7
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id=d3vQhjw4Ve2eJgZYTU7gEtTdRNAU6WRh&client_secret=PM2Yscn3ojFb2jOxhvatRpBZEqh8lTYb
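The following added example is not part of the original page or Penn State's code: it builds the client credentials request shown above with correctly encoded form fields and validates the token endpoint's reply against RFC 6749 sections 5.1 and 5.2. The https scheme, the environment variable names and the sample response are assumptions.

```python
import json
import os
import time
import urllib.parse
import urllib.request

# Host and path come from the request above; the https scheme is an assumption.
TOKEN_URL = "https://dev.apps.psu.edu/oauth/api/token"

class TokenError(Exception):
    """Raised when the token endpoint reply is an error or is malformed."""

def build_token_request(client_id, client_secret):
    """Build (without sending) the client_credentials POST shown above."""
    body = urllib.parse.urlencode({          # percent-encodes reserved characters
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    headers = {"Accept": "application/json", "Cache-Control": "no-cache",
               "Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(TOKEN_URL, data=body, headers=headers, method="POST")

def parse_token_response(status, raw, now=None):
    """Check a reply against RFC 6749 sections 5.1 (success) and 5.2 (error)."""
    try:
        doc = json.loads(raw)
    except ValueError as exc:
        raise TokenError("response is not JSON") from exc
    if not isinstance(doc, dict):
        raise TokenError("response is not a JSON object")
    if status != 200 or "error" in doc:
        raise TokenError(f"{doc.get('error', status)}: {doc.get('error_description', '')}")
    token = doc.get("access_token")
    if not isinstance(token, str) or not token:
        raise TokenError("access_token missing")
    if str(doc.get("token_type", "")).lower() != "bearer":
        raise TokenError("unsupported token_type")
    now = time.time() if now is None else now
    ttl = doc.get("expires_in")              # optional in the RFC
    # Treat the token as expired 30 seconds early so it is never used at the edge.
    return {"access_token": token, "expires_at": None if ttl is None else now + int(ttl) - 30}

if __name__ == "__main__":
    # OAUTH_CLIENT_ID / OAUTH_CLIENT_SECRET are hypothetical variable names.
    req = build_token_request(os.environ.get("OAUTH_CLIENT_ID", "constructed-id"),
                              os.environ.get("OAUTH_CLIENT_SECRET", "constructed-secret"))
    print(req.get_method(), req.full_url, len(req.data), "body bytes")
    sample = '{"access_token": "constructed-token", "token_type": "Bearer", "expires_in": 3600}'
    print(parse_token_response(200, sample, now=0))
```

Reading the client secret from the environment keeps it out of source files and request collections that get shared or committed.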
References
- OAuth2 Specification: https://tools.ietf.org/html/rfc6749
- JWT Profile for OAuth Client Assertions: https://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-12
- OAuth Dynamic Client Registration Specification: https://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-30
- JSON Web Tokens Specification: https://tools.ietf.org/html/rfc7519
- OAuth2 Assertion Framework: https://tools.ietf.org/html/draft-ietf-oauth-assertions-18
© 2021 The Pennsylvania State University