Tohuwabohu excorcism

User Tools

Site Tools

Trace: raspberry sonarqube tests ansible
security:auth0

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
security:auth0 [2019/01/09 20:37] – [Authorization Grant Types] skipidarsecurity:auth0 [2023/11/01 07:13] (current) – ↷ Page moved from business_process_management:camunda:security:auth0 to security:auth0 skipidar
Line 75: Line 75:
 https://auth0.com/docs/protocols/oauth2#authorization-grant-types https://auth0.com/docs/protocols/oauth2#authorization-grant-types
  
-|**Authorization Code** (Regular Web App Login Flow)|Regular Web Apps are here the web apps, having client/server components. Used by Web Apps executing on a server too, not only in browser. \\ \\  The end user owns the resource. Here the authorization token is stored on the server, bypassing the users browser. \\ \\ **The authorization code + clientID + Client Secret (client is here the backend alias server) are used for authentication. They are exchanged for the access (bearer) token. Everything happens on the backend side here.**| +|**Authorization Code** (Regular Web App Login Flow)|Regular Web Apps are here the web apps, having client/server components. Used by Web Apps executing on a server too, not only in browser. \\ \\  The end user owns the resource. Here the authorization token is stored on the server, bypassing the users browser. \\ \\ **The authorization code + clientID + Client Secret (client is here the backend alias server) are used for authentication. They are exchanged for the access (bearer) token. \\ Everything happens on the backend side here.**| 
-|**Implicit** (Single-Page Login Flow) |used by JavaScript-centric apps (Single Page Applications) executing on the user's browser.|+|**Implicit** (Single-Page Login Flow) |used by JavaScript-centric apps (Single Page Applications) executing on the user's browser. The end user owns the resource. **The access (bearer) token is used for authentication, stored in the browser.** |
 |**Resource Owner Password Credentials**| Used by trusted apps. The end user still owns the resource. **End users username/password in plain text are used for authentication.**| |**Resource Owner Password Credentials**| Used by trusted apps. The end user still owns the resource. **End users username/password in plain text are used for authentication.**|
 |**Client Credentials** (Machine to machine)|used for machine to machine communication, when the client (like cron job) owns is the resource. **The ClientID / Client Secret are used for authentication.** | |**Client Credentials** (Machine to machine)|used for machine to machine communication, when the client (like cron job) owns is the resource. **The ClientID / Client Secret are used for authentication.** |
Line 110: Line 110:
 The Auth0 Application - has a <color /#22b14c>Client ID</color> The Auth0 Application - has a <color /#22b14c>Client ID</color>
  
 +
 +===== Auth0 API =====
 +Its just the way of Auth0 to maintain the **audience** https://curity.io/resources/architect/claims/scopes-vs-claims/
 +and the expiration of tokens, given to reach out for the audience.
  
  
Line 252: Line 256:
  
 </sxh> </sxh>
 +
 +
 +
 +The Demo application which is 
 +  * using Auth0 authentication
 +  * accessing AWS services
 +
 +is hosted here https://github.com/skipidar/awsViaAuth0.npm
 +
 +
security/auth0.1547066241.txt.gz · Last modified: (external edit)