Bearer Authorization

• Write the following steps in the correct order:
  • Receive access token
  • Make a request to the access token endpoint
  • Redirect to a third party authentication endpoint
  • Register your application to get a client_id and client_secret
  • Make a request to a third-party API endpoint
  • Ask the client if they want to sign in via a third party
  • Receive authorization code

 

• What can you do with an authorization code?

Making sure that a certain user is actually allowed to touch some kind of data or not.

 

• What can you do with an access token?

A quick way to keep the user signed in.

 

• What’s a benefit of using OAuth instead of your own basic authentication?

it’s much more secure, and it also makes registering much faster and easier for users, making users more likely to make accounts on their visits to the site.

Go back to table of contents