OAuth access token and refresh token generation
I'm implementing my own OAuth authentication system (with refresh_token
support) for an app and I have some questions about how to do it:
1. Client identification: The client is registered in the auth server and
gets a client_id and a client_secret. How do I generate them? Is there some
kind of relation between both values?
2. User authentication: The client sends the users_credentials
(username+password for example) + client_id and gets a refresh_token and
(temp?) access_token. Is that access_token the one I should use in further
requests, or should I use an
access_token' = F(refresh_token, access_token, client_secret)? In the second
case, what does the F function consist of?
3. Access token refresh: The client sends client_id and refresh_token and gets an
access_token (and an optional new refresh_token). Does the access_token
need the same conversion (whatever it is) as in point 2?
Complete answers and concrete examples will be "bountied"
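The three steps in the question, as an added sketch that is not part of the original post: one possible design in which client_id, client_secret and both tokens are independent random values, the access_token is presented as issued, and each refresh consumes the old refresh_token. Assumptions of this example: in-memory storage, the client authenticates with its client_secret on every call, and `verify_user`, `AuthServer`, its method names and `ACCESS_TTL` are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

ACCESS_TTL = 3600  # assumed access_token lifetime, in seconds

def digest(value):
    # Secrets are high-entropy random strings, so only a SHA-256 digest is kept at rest.
    return hashlib.sha256(value.encode()).hexdigest()

class AuthServer:
    def __init__(self, verify_user):
        self.verify_user = verify_user  # hypothetical callback: (username, password) -> bool
        self.clients = {}  # client_id -> digest(client_secret)
        self.access = {}   # digest(access_token) -> (client_id, username, expiry)
        self.refresh = {}  # digest(refresh_token) -> (client_id, username)

    def register_client(self):
        # Two independent CSPRNG values; neither is derived from the other.
        client_id, client_secret = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
        self.clients[client_id] = digest(client_secret)
        return client_id, client_secret

    def _client_ok(self, client_id, client_secret):
        return hmac.compare_digest(self.clients.get(client_id, ""), digest(client_secret))

    def _issue(self, client_id, username):
        access_token, refresh_token = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access[digest(access_token)] = (client_id, username, time.time() + ACCESS_TTL)
        self.refresh[digest(refresh_token)] = (client_id, username)
        return access_token, refresh_token

    def login(self, client_id, client_secret, username, password):
        if not (self._client_ok(client_id, client_secret) and self.verify_user(username, password)):
            return None
        return self._issue(client_id, username)

    def refresh_tokens(self, client_id, client_secret, refresh_token):
        if not self._client_ok(client_id, client_secret):
            return None
        entry = self.refresh.pop(digest(refresh_token), None)  # single use: rotated on every refresh
        if entry is None or entry[0] != client_id:  # unknown, replayed, or issued to another client
            return None
        return self._issue(client_id, entry[1])

    def whoami(self, access_token):
        entry = self.access.get(digest(access_token))  # token is looked up exactly as issued
        return entry[1] if entry and entry[2] > time.time() else None
```

A real deployment would persist these tables and verify passwords against salted password hashes inside `verify_user`.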