mirror of
https://github.com/ysoftdevs/oauth-playground-client.git
synced 2026-04-27 19:07:10 +02:00
Summary
This commit is contained in:
konarfil
@@ -115,50 +115,40 @@
|
||||
<h6>Let's break down what we have received...</h6>
|
||||
<ul class="collection">
|
||||
<li class="collection-item">
|
||||
<p><b>access_token</b></p>
|
||||
<p>This is the actual access token, which allows the client application to access the user's protected resources on the
|
||||
resource server (e.g., user profile, photos, etc.).
|
||||
It's encoded as a JSON Web Token (JWT), which can be decoded to reveal a header, payload, and signature.
|
||||
The payload of the JWT contains claims about the user and the authentication event. For example, the iss claim indicates
|
||||
the issuer of the token, the aud claim specifies the intended audience for the token, and the exp claim specifies the
|
||||
expiration time of the token. <a href="https://jwt.io/" target="_blank">Want to see what's inside?</a></p>
|
||||
<p><b>token_type</b></p>
|
||||
<p>Indicates the type of token issued. In OAuth 2.0, the common type is "Bearer", which means that whoever bears
|
||||
the token
|
||||
can access the resources.</p>
|
||||
</li>
|
||||
<li class="collection-item">
|
||||
<p><b>expires_in</b></p>
|
||||
<p>Indicates the number of seconds for which the <b>access_token</b> is valid. After this time, the access_token will expire and a
|
||||
new one must be obtained.</p>
|
||||
<p>Indicates the number of seconds for which the <b>access_token</b> is valid. After this time, the access_token
|
||||
will expire and a
|
||||
new one must be obtained.</p>
|
||||
</li>
|
||||
<li class="collection-item">
|
||||
<p><b>refresh_expires_in</b></p>
|
||||
<p>Indicates the number of seconds for which the refresh_token is valid. Once the refresh token is expired, the client will
|
||||
need to re-authenticate the user to get a new set of tokens.</p>
|
||||
<p><b>access_token</b></p>
|
||||
<p>This is the actual access token, which allows the client application to access the user's protected resources
|
||||
on the
|
||||
resource server (e.g., user profile, photos, etc.).
|
||||
</p>
|
||||
</li>
|
||||
<li class="collection-item">
|
||||
<p><b>refresh_token</b></p>
|
||||
<p>Used to obtain a new <b>access_token</b> when the current one expires. This allows the client to get a new <b>access_token</b> without
|
||||
requiring the user to log in again. Like the <b>access_token</b>, it's encoded as a JWT.</p>
|
||||
</li>
|
||||
<li class="collection-item">
|
||||
<p><b>token_type</b></p>
|
||||
<p>Indicates the type of token issued. In OAuth 2.0, the common type is "Bearer", which means that whoever bears the token
|
||||
can access the resources.</p>
|
||||
</li>
|
||||
<li class="collection-item">
|
||||
<p><b>not-before-policy</b></p>
|
||||
<p>Specifies a time before which the token should not be accepted. A value of 0 implies the token can be immediately used.</p>
|
||||
</li>
|
||||
<li class="collection-item">
|
||||
<p><b>session_state</b></p>
|
||||
<p>Represents the state of the user's session at the Authorization Server. This is the same value that could was
|
||||
returned during the Authorization Code Flow in the <b>session_state</b> parameter.
|
||||
It can be used in scenarios like OpenID Connect session management to monitor the user's session.</p>
|
||||
<p>Used to obtain a new <b>access_token</b> when the current one expires. This allows the client to get a new
|
||||
<b>access_token</b> without
|
||||
requiring the user to log in again.</p>
|
||||
</li>
|
||||
<li class="collection-item">
|
||||
<p><b>scope</b></p>
|
||||
<p>Specifies the scopes granted by the user to the client application. Scopes determine the permissions associated with the
|
||||
<b>access_token</b>. Here, the granted scopes are email, offline_access, and profile. This means that with the provided access_token, the
|
||||
client application can access the user's email and profile information and is also granted offline access (typically
|
||||
used in conjunction with refresh tokens).</p>
|
||||
<p>Specifies the scopes granted by the user to the client application. Scopes determine the permissions
|
||||
associated with the
|
||||
<b>access_token</b>. Here, the granted scopes are email, offline_access, and profile. This means that with
|
||||
the provided access_token, the
|
||||
client application can access the user's email and profile information and is also granted offline access
|
||||
(typically
|
||||
used in conjunction with refresh tokens).
|
||||
</p>
|
||||
</li>
|
||||
</ul>
|
||||
<p>And this concludes the Authorization Code Flow with PKCE. Client application would now be able to request resources on users behalf without having to transfer his credentials with each request.</p>
|
||||
@@ -176,7 +166,7 @@
|
||||
<script src="../js/load-layout.js"></script>
|
||||
<script src="../js/cookies.js"></script>
|
||||
<script>
|
||||
const tokenEndpoint = 'https://sso.rumbuddy.cz/realms/OAuthPlayground/protocol/openid-connect/token';
|
||||
const tokenEndpoint = 'https://www.sso.oauth-playground.online/auth/token';
|
||||
const clientID = 'oauth-playground';
|
||||
const code = new URLSearchParams(window.location.search).get('code');
|
||||
const codeVerifier = getCookie("code_verifier");
|
||||
|
||||
Reference in New Issue
Block a user