OAuth 2.0 and OpenID Connect Flows
OAuth 2.0 and OpenID Connect are industry-standard protocols for authenticating users and for authorizing third-party applications to access web APIs, either on behalf of a resource owner who approves that access or directly, as the application itself.
In OAuth 2.0, the entities involved in this exchange include the following:
- Resource Owner – This is the user who owns the resource or data, such as their profile information, that is being requested by the application.
- Client Application – This is the application that is requesting the user's data. To call EmpowerID APIs, this application must be registered in EmpowerID.
- Authorization Server – This is the identity store that knows about the resource owner, can verify their identity, and issues tokens that authorize access to the requested resources.
- Access Token – This is the key issued by the Authorization Server that allows the client application to access the requested resources on the resource server.
- Resource Server – This is the API endpoint or server where the user's resources live.
A basic representation of these entities in an OAuth 2.0 flow is shown below:
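The following constructed Python model is an added illustration of how the entities above interact, not code from the EmpowerID documentation or product. The client id and the `profile:read` scope name are assumed for the example; the point it makes is that only a registered client obtains a token, and the resource server releases data only for a token that is live, belongs to the requested user and carries the required scope.

```python
import secrets
import time

# Constructed in-memory model of the OAuth 2.0 roles listed above (not EmpowerID code):
# an authorization server that registers clients and issues access tokens, and a
# resource server that releases a resource owner's profile only for a valid token.

class AuthorizationServer:
    def __init__(self):
        self.registered_clients = set()   # client ids registered with the server
        self.issued_tokens = {}           # token -> (subject, scopes, expiry)
    def register_client(self, client_id):
        self.registered_clients.add(client_id)
    def issue_token(self, client_id, subject, scopes, lifetime_s=300):
        # Only a registered client application may obtain a token for a resource owner.
        if client_id not in self.registered_clients:
            raise PermissionError("unregistered client")
        token = secrets.token_urlsafe(32)
        self.issued_tokens[token] = (subject, frozenset(scopes), time.time() + lifetime_s)
        return token
    def introspect(self, token):
        # Return (subject, scopes) for a live token, or None for unknown/expired ones.
        entry = self.issued_tokens.get(token)
        if entry is None or entry[2] <= time.time():
            return None
        return entry[0], entry[1]

class ResourceServer:
    def __init__(self, auth_server, profiles):
        self.auth_server = auth_server
        self.profiles = profiles          # subject -> profile data owned by that user
    def get_profile(self, token, subject):
        # 401: no valid token; 403: token is valid but not for this subject/scope.
        info = self.auth_server.introspect(token)
        if info is None:
            return 401, None
        token_subject, scopes = info
        if token_subject != subject or "profile:read" not in scopes:
            return 403, None
        return 200, self.profiles[subject]

def demo():
    auth = AuthorizationServer()
    rs = ResourceServer(auth, {"alice": {"name": "Alice"}})
    auth.register_client("sample-client-app")   # hypothetical client id
    good = auth.issue_token("sample-client-app", "alice", ["profile:read"])
    return {"ok": rs.get_profile(good, "alice"),
            "bogus": rs.get_profile("not-a-token", "alice"),
            "wrong_user": rs.get_profile(good, "bob")}
```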