OAuth
Resource providers
See the difference
How does it work
Let's create a new app
OAuth grant types (flows)
- Authorization Code Flow
- Implicit Flow
- Password Credentials Flow
- Client Credentials Flow
Authorization Code Flow
https://www.facebook.com/v2.11/dialog/oauth?
client_id={app-id}
&redirect_uri={redirect-uri}
&state=some_string
&scope=comma,separated,list,of,permissions
&response_type=code
GET https://graph.facebook.com/v2.11/oauth/access_token?
client_id={app-id}
&redirect_uri={redirect-uri}
&client_secret={app-secret}
&code=xxx
YOUR_REDIRECT_URI?
code=xxx
YOUR_REDIRECT_URI?
access_token={access-token}
&token_type={type}
&expires_in={seconds-til-expiration}
Or a proper JSON response
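The three steps of the Authorization Code Flow above, as an added example that is not part of the original slides. It uses the endpoints and parameter names shown on the slides; the function names are hypothetical, and it assumes the provider echoes the state value back on the redirect, as OAuth 2.0 specifies. No network request is made.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Endpoints as shown on the slides.
AUTHORIZE_URL = "https://www.facebook.com/v2.11/dialog/oauth"
TOKEN_URL = "https://graph.facebook.com/v2.11/oauth/access_token"


def build_authorization_url(app_id, redirect_uri, scopes):
    """Step 1: URL the browser is sent to. Returns (url, state)."""
    # state is an unguessable per-login value; store it in the user's session.
    state = secrets.token_urlsafe(32)
    query = urlencode({
        "client_id": app_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "scope": ",".join(scopes),
        "response_type": "code",
    })
    return f"{AUTHORIZE_URL}?{query}", state


def extract_code(callback_url, expected_state):
    """Step 2: validate the redirect to YOUR_REDIRECT_URI and return the code."""
    params = parse_qs(urlsplit(callback_url).query)
    returned_state = params.get("state", [""])[0]
    # Reject callbacks that do not belong to a login this session started.
    if not expected_state or not hmac.compare_digest(
            returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("missing or duplicated code")
    return codes[0]


def build_token_request(app_id, app_secret, redirect_uri, code):
    """Step 3: server-side GET that exchanges the code for an access token."""
    # client_secret never leaves the server; redirect_uri must match step 1.
    return f"{TOKEN_URL}?" + urlencode({
        "client_id": app_id,
        "redirect_uri": redirect_uri,
        "client_secret": app_secret,
        "code": code,
    })
```

The state check is what ties the returned code to the browser session that started the login, which is why a fixed value such as some_string gives no protection.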
Implicit Flow
https://www.facebook.com/v2.11/dialog/oauth?
client_id={app-id}
&redirect_uri={redirect-uri}
&state=some_string
&scope=comma,separated,list,of,permissions
&response_type=token
YOUR_REDIRECT_URI?
access_token={access-token}
&token_type={type}
&expires_in={seconds-til-expiration}
If the redirect URI is not specified (mobile or desktop app):
https://www.facebook.com/connect/login_success.html#
access_token=ACCESS_TOKEN...
Password Credentials Flow
Client Credentials Flow
GET /oauth/access_token
?client_id={app-id}
&client_secret={app-secret}
&grant_type=client_credentials
Returns JSON with access token
Know What Grant Type to Use
- A server-side web app - Authorization code
- A client-side web app (or mobile app) - Implicit
- An integration with an OAuth service - Password credentials
- An application that doesn’t interact with user data - Client Credentials
Thanks for your attention!
By Pavel Razuvalau