OAuth 2.0 - Obtaining End-User Authorization


The authorization end points are the URL's which makes an authentication request on the authorization server, in which the resource owner logs in and permits to access the data to the client application. For instance, address of JSP page, PHP page, etc.

The authorization end user can be described as shown in the following diagram.

OAuth 2.0 End User Authorization

The authorization endpoint can be defined in three ways −

  • Authorization Endpoint
  • Redirection Endpoint
  • Token Endpoint

Authorization Endpoint

  • Authorization endpoint can be used to interact with the resource owner who permits the authorization to access the resource of the resource owner.

  • First, the user accesses the resources of the resource owner by using the client application. The client application will be provided with the client id and client password during registering the redirect URI (Uniform Resource Identifier).

  • Next, the user can login via client application on the authorization server. which contains Authorization Endpoint.

  • Authorization endpoint redirects the user with URI (Uniform Resource Identifier) and authentication code to the user.

Redirect Endpoint

  • The user accesses the page located at redirect URI (Uniform Resource Identifier) in the client application.

  • The client application provides client id, client password and authentication code to the authorization server.

Token Endpoint

  • At this point, the client application interchanges the client id, client password and authorization code to obtain an access token.

  • The client application sends these credentials to the user along with the token. Once the user receives the token, it can be sent to the access resources such as Facebook, Google, etc. to access the resources in the system, related to the logged in users.