0
votes

I am trying to implement the Resource Owner part of OAuth2 (Authorization code grant type). While going through the OAuth2 specification, I found the following text about the initial client request for authorization:

"The client directs the resource owner to the constructed URI using an HTTP redirection response, or by other means available to it via the user-agent."

I am a bit confused about the "HTTP redirection response" part. Can anyone explain a scenario in which the client uses an HTTP redirection response to direct the resource owner to the authorization endpoint?


1 Answer

0
votes

Imagine a user (Resource Owner) wants to access a resource (Resource Server) through an application (Client). The user sends an HTTP request with a web browser to execute an operation on the application. Access to the resource cannot be authorized because the HTTP request contains no Access Token in the Authorization Header. In that case, the application redirects the user to the Authorization Server instead of responding with an error message. By providing login credentials to the Authorization Server, the user can initiate the Authorization Request.
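
The following sketch is an added example, not part of the original question or answer: it shows a client answering an unauthenticated browser request with a 302 whose `Location` is the constructed authorization URI, and then checking `state` when the browser is redirected back. The endpoint, client ID, redirect URI, scope, the dict-based session and the function names are all assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode

# Assumed deployment values (placeholders, not from the original post).
AUTHORIZATION_ENDPOINT = "https://auth.example.com/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://client.example.com/callback"


def handle_request(session, path):
    """Client handler for a protected page; returns (status, headers, body)."""
    if session.get("access_token"):
        return 200, {}, f"protected content for {path}"
    # No token yet: bind an unguessable state value to this browser session
    # so the callback can be tied to the request that started the flow.
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    session["return_to"] = path
    query = urlencode({
        "response_type": "code",      # authorization code grant
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "read",              # constructed sample scope
        "state": state,
    })
    # The "HTTP redirection response": the browser follows Location itself.
    return 302, {"Location": f"{AUTHORIZATION_ENDPOINT}?{query}"}, ""


def handle_callback(session, query_string):
    """Handles the redirect back from the authorization server."""
    params = parse_qs(query_string)
    expected = session.pop("oauth_state", None)   # single use
    received = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        return 400, {}, "state mismatch"
    if "code" not in params:
        return 400, {}, "missing authorization code"
    # Stored for the token-endpoint exchange, which is outside this example.
    session["authorization_code"] = params["code"][0]
    return 302, {"Location": session.pop("return_to", "/")}, ""
```

Rejecting a callback whose `state` does not match the value stored in the session keeps an authorization response that the user's own browser session did not initiate from being accepted by the client.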