Friday, 10 March 2017

Types of Grant Workflows

Resource Owner Password Grant

The User Credential are stored at client and sent to the token service which returns the token. Collecting and storing credential is the job of the token service doing it in client is consider not safe.The User Credential are stored at client and sent to the token service which returns the token. Collecting and storing credential is the job of the token service doing it in client is consider not safe.

This grant is only used in legacy scenario.

Implicit Grant

Implicit flow is commonly user when a client is javascript application a browser.

Here browser issue for Token to Token Service without explicitly providing client credential then a redirection occurs to a login page that is served by Token Service.

This approaches often has a security issue

Authorization Code

Authorization Code solves the security problem. It needs a web server Application i.e. the client.

Hear browser get a code back from Token Service and that browser send that code to Client(Web Server) Then client sends the code to Token Service and get the Token back.

Hybrid

No comments:

Post a Comment