[OAuthSample] Oauth implementation

Forge Component
Published on 2015-12-15 by João Amorim
5 votes
Good work João!

BTW: Your oAuth database design is different to my oAuth database design!

Here is my Oauth database design (main)

Retrieving an authorization code
  1. The application requests authorization to access service resources from the user
  2. If the user authorized the request, the application receives an authorization grant code
Retrieving an Access Token 
  1. The application requests an access token from the authorization server (API) by presenting authentication code of its own identity, and the authorization grant 
  2. If the application identity is authenticated and the authorization grant is valid, the authorization server (API) issues an access token to the application.
oAuth Authorization process is now complete.

Making web service calls via access token
  1. The application requests the resource from the resource server (API) and presents the access token for authentication
  2. If the access token is valid, the resource server (API) serves the resource to the application
The overall user experience is the same, we both followed the same oAuth 2.0 protocol. Except I implemented the optional Oauth refresh token.

Note: Scope/token permission tables are not shown in the entity relationship diagram above.
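The two-step flow listed in the comment above (authorization code, then access token, then resource call) plus the optional refresh token, as an added Python example; this is not code from the OAuthSample component or from the commenter. It assumes an in-memory authorization server with pre-registered client ids and secrets, and all lifetimes, names and secrets are constructed for illustration.

```python
import secrets


class AuthorizationServer:
    def __init__(self, clients):
        self.clients = clients  # client_id -> client_secret (constructed registered apps)
        # code -> (client_id, user, expiry); access_token -> (client_id, user, expiry);
        # refresh_token -> (client_id, user)
        self.codes, self.access, self.refresh = {}, {}, {}

    def authorize(self, client_id, user, approved, now):
        # "Retrieving an authorization code": only a known app and an approving user get a code
        if client_id not in self.clients or not approved:
            return None
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, user, now + 60)  # short-lived, bound to the app
        return code

    def token(self, client_id, client_secret, code, now):
        # "Retrieving an Access Token": authenticate the app, then validate the grant
        if self.clients.get(client_id) != client_secret:
            return None
        grant = self.codes.pop(code, None)  # single use: a replayed code is rejected
        if grant is None or grant[0] != client_id or grant[2] < now:
            return None
        return self._issue(client_id, grant[1], now)

    def refresh_token(self, client_id, client_secret, refresh, now):
        # The optional refresh grant: trade a refresh token for a fresh token pair
        if self.clients.get(client_id) != client_secret:
            return None
        owner = self.refresh.pop(refresh, None)  # rotate: the old refresh token is dead
        if owner is None or owner[0] != client_id:
            return None
        return self._issue(client_id, owner[1], now)

    def _issue(self, client_id, user, now):
        at, rt = secrets.token_urlsafe(24), secrets.token_urlsafe(24)
        self.access[at] = (client_id, user, now + 3600)
        self.refresh[rt] = (client_id, user)
        return {"access_token": at, "refresh_token": rt, "expires_in": 3600}

    def introspect(self, access_token, now):
        # Used by the resource server to decide "If the access token is valid"
        rec = self.access.get(access_token)
        return None if rec is None or rec[2] < now else {"client_id": rec[0], "user": rec[1]}


def fetch_resource(auth_server, access_token, now):
    # "Making web service calls via access token": serve only for a valid, unexpired token
    who = auth_server.introspect(access_token, now)
    return f"profile of {who['user']}" if who else None
```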