OAuth 2.0 is an authorization protocol. It allows a third-party application to have access to an HTTP service, either on behalf of a resource owner, by arranging an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to have access on its own name.
OAuth 2.0 focuses on:
•Providing authorization flows to limit access to a service. Authorization flows are intended to be used by web applications, desktop applications, mobile phones, and room (bedroom, living room, etc) devices.
•Providing scopes to specify what access is requested by the application and what is authorized to be accessed by the owner of the accessed resource.
Authorization Flow (Flow Grant Types)
OAuth flows (grant types) refer to how an application obtains an access token that allows it to access resources exposed through an API. The standard uses these flows to solve all business scenarios that may arise in the consumption of APIs based on three variables:
•The type of consuming application.
•Its degree of confidence.
•How the resource owner interacts in the process.
Authorization Flows Available in Deyel
In Deyel, the following authorization flows are available:
•Client Credentials
This flow is used to consume the objects exposed in the Rest API. The client can request an access token using only their client credentials when requesting access to protected resources under their control.
•Resource Owner Password
Like the previous flow, it is used to consume the objects exposed in the Rest API. The flow is suitable for clients capable of obtaining the resource owner's credentials (username and password, typically via an interactive form) and working on their behalf with their protected resources.
•Refresh Token
It is used to refresh access tokens. This means that those access tokens that expire or become invalid should be exchanged for a new one using this flow. It is used in authorizations with the Resource Owner Password flow.
