Oracle® Communications Diameter Signaling Router Service Capability Exposure Function User's Guide
Release 8.4
F12301-02

Open Authorization Configuration Overview

Open Authorization (OAuth) is an open standard for token-based authentication and authorization on the Internet. OAuth allows an end user's account information to be used by third-party services, such as Facebook, without exposing the user's password. This section describes a configuration that is an alternative to modifying the APIs to authenticate with OCSG. The installation script automatically creates the APIs with support for OAuth, as shown in Figure A-9.

Figure A-9 OAuth Installation Script

Authorization takes place after the client has been created, and it occurs between the two firewalls, as shown in Figure A-10.

Figure A-10 Authorization Overview

This section assumes that an API has been created and published and that the corresponding partner application has also been created. After the application has been created, assigned to a group, and set up with the user account, set up the authorization as described in this section.

The Authorization Code grant type is used by confidential and public clients to exchange an authorization code for an access token. After the user returns to the client via the redirect URL, the application acquires the authorization code from the URL and uses it to request an access token. Figure A-11 shows this process using the resource owner authentication and code grant redirect.

Figure A-11 OAuth Code Grant
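
The client side of the code grant described above, as an added example that is not part of the original guide or Oracle's code. The endpoint URL, redirect URL, client ID, and function names are assumed placeholders; the parameter names are those of the OAuth 2.0 authorization code grant (RFC 6749), and the `state` check ties the redirect to the request that started it.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed placeholder values; the guide does not list the gateway's endpoint URLs.
AUTHORIZE_URL = "https://gateway.example/oauth2/authorize"
REDIRECT_URI = "https://client.example/callback"
CLIENT_ID = "example-client-id"


def build_authorization_url(state):
    """Step 1: URL the browser is sent to for resource owner authentication."""
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,  # unguessable per-request value, checked on return
    })
    return f"{AUTHORIZE_URL}?{query}"


def extract_code(callback_url, expected_state):
    """Step 2: acquire the authorization code from the redirect URL."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    returned_state = params.get("state", [""])[0]
    # Constant-time comparison; reject redirects this client did not initiate.
    if not secrets.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch; discarding redirect")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def build_token_request(code):
    """Step 3: form body POSTed to the token endpoint to obtain an access token."""
    # Public-client form; a confidential client also authenticates itself here.
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,  # must match the value sent in step 1
        "client_id": CLIENT_ID,
    })


if __name__ == "__main__":
    state = secrets.token_urlsafe(16)
    print(build_authorization_url(state))
    # Constructed sample redirect, shaped as the authorization server would send it.
    callback = f"{REDIRECT_URI}?code=SAMPLE_CODE&state={state}"
    print(build_token_request(extract_code(callback, state)))
```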