Open Authorization or OAuth is an open standard for token-based
authentication and authorization on the Internet. OAuth allows an end user's
account information to be used by third-party services, such as Facebook,
without exposing the user's password. This section describes an alternative
configuration to modifying the APIs to authenticate with OCSG. The installation
script automatically creates the APIs with support for OAuth as shown in
Figure A-9.
Authorization takes place after the client has been created and between the
two firewalls, as shown in Figure A-10.
This section assumes an API has been created and published and that the
corresponding partner application has also been created. After the application
has been created, assigned to a group, and set up with the user account, set up
the authorization as described in this section.
The Authorization Code grant type is used by confidential and public
clients to exchange an authorization code for an access token. After the user
returns to the client via the redirect URL, the application extracts the
authorization code from that URL and presents it to the token endpoint to
request an access token. Figure A-11 shows this process using resource owner
authentication and the code grant redirect.
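The exchange described above, as an added example that is not part of this document or of the OCSG product: an offline simulation of the Authorization Code grant with a toy authorization server and a partner-application client. The endpoint URLs, client id and redirect URI are constructed placeholders; the flow shows the code being extracted from the redirect URL and exchanged for a token, and also the checks a practitioner expects on both sides (a state value to bind the redirect to the client's own request, a PKCE verifier bound to the code, and single-use, short-lived codes). The failure-mode probes (replayed code, forged state) are part of the example, not behaviour the page describes for OCSG.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholders; substitute the gateway's real endpoints and the
# partner application's registered client id and redirect URI.
AUTHZ_ENDPOINT = "https://authz.example.invalid/oauth/authorize"
TOKEN_ENDPOINT = "https://authz.example.invalid/oauth/token"
CLIENT_ID = "partner-app-123"
REDIRECT_URI = "https://app.example.invalid/callback"


def _pkce_challenge(verifier: str) -> str:
    """S256 code challenge: base64url(SHA-256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


class AuthorizationServer:
    """Toy authorization server standing in for the gateway's OAuth endpoint."""
    CODE_TTL = 60  # authorization codes are short-lived (seconds)

    def __init__(self):
        self._codes = {}  # code -> record; a code is deleted when redeemed

    def authorize(self, params, resource_owner, now=None):
        """Resource owner has authenticated and consented (simulated); mint a
        single-use code bound to client, redirect URI and PKCE challenge."""
        now = time.time() if now is None else now
        if (params.get("response_type") != "code"
                or params.get("client_id") != CLIENT_ID
                or params.get("redirect_uri") != REDIRECT_URI):
            raise ValueError("invalid authorization request")
        code = secrets.token_urlsafe(32)
        self._codes[code] = {"client_id": params["client_id"],
                             "redirect_uri": params["redirect_uri"],
                             "challenge": params["code_challenge"],
                             "user": resource_owner,
                             "expires": now + self.CODE_TTL}
        # Redirect back to the client, echoing its state value unchanged.
        return REDIRECT_URI + "?" + urlencode({"code": code, "state": params["state"]})

    def token(self, form, now=None):
        """Exchange a code for an access token; any failed check rejects."""
        now = time.time() if now is None else now
        rec = self._codes.pop(form.get("code", ""), None)  # pop: single use
        if rec is None or now > rec["expires"]:
            raise PermissionError("invalid_grant")
        if (form.get("grant_type") != "authorization_code"
                or form.get("client_id") != rec["client_id"]
                or form.get("redirect_uri") != rec["redirect_uri"]):
            raise PermissionError("invalid_grant")
        if not hmac.compare_digest(_pkce_challenge(form.get("code_verifier", "")),
                                   rec["challenge"]):
            raise PermissionError("invalid_grant")
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                "expires_in": 3600, "subject": rec["user"]}


class Client:
    """The partner application (the OAuth client)."""

    def __init__(self):
        self._pending = {}  # state -> PKCE verifier, one per authorization attempt

    def build_authorization_url(self):
        state, verifier = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
        self._pending[state] = verifier
        return AUTHZ_ENDPOINT + "?" + urlencode({
            "response_type": "code", "client_id": CLIENT_ID,
            "redirect_uri": REDIRECT_URI, "state": state,
            "code_challenge": _pkce_challenge(verifier),
            "code_challenge_method": "S256"})

    def handle_redirect(self, redirect_url):
        """Extract the code from the redirect URL; refuse an unknown state."""
        qs = {k: v[0] for k, v in parse_qs(urlparse(redirect_url).query).items()}
        verifier = self._pending.pop(qs.get("state", ""), None)
        if verifier is None:
            raise PermissionError("state mismatch (redirect not tied to our request)")
        return {"grant_type": "authorization_code", "code": qs["code"],
                "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
                "code_verifier": verifier}


def run_flow(resource_owner="alice"):
    """Drive one complete code grant, then probe two failure modes."""
    server, client = AuthorizationServer(), Client()
    url = client.build_authorization_url()
    params = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
    redirect = server.authorize(params, resource_owner)   # user returns via redirect URL
    form = client.handle_redirect(redirect)               # code taken from that URL
    results = {"token": server.token(form), "replay_rejected": False,
               "bad_state_rejected": False}
    try:                      # redeeming the spent code again must fail
        server.token(form)
    except PermissionError:
        results["replay_rejected"] = True
    try:                      # a redirect carrying a state the client never issued
        client.handle_redirect(REDIRECT_URI + "?code=x&state=forged")
    except PermissionError:
        results["bad_state_rejected"] = True
    return results


if __name__ == "__main__":
    print(run_flow())
```

In a real deployment the two `server` calls are HTTPS requests to the authorization and token endpoints; the client-side logic (generating `state` and the PKCE verifier per attempt, matching the returned `state`, and sending the verifier with the code) is what carries over unchanged.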