2023-09-25 OAuth2.0 のフロー / OAuth 2.0 vs OpenID Connect
OAuth2.0 Flow
sequenceDiagram
participant User as User
participant App as Client
participant Auth as Authorization Server
participant Resource as Resource Server
User->>App: Click "Login with OAuth"
App->>Auth: Redirect to /authorize
Auth->>User: Present login screen
User->>Auth: Login & approve consent
Auth->>App: Redirect with auth_code
App->>Auth: POST /token (auth_code)
Auth->>App: Return access_token
App->>Resource: GET /resource (access_token)
Resource->>App: Return resource data
App->>User: Display resource data
sequenceDiagram
participant User as User
participant App as Client
participant Auth as Authorization Server
participant Resource as Resource Server
User->>App: Click "Login with OAuth"
App->>Auth: Redirect to /authorize
Auth->>User: Present login screen
User->>Auth: Login & approve consent
Auth->>App: Redirect with auth_code
App->>Auth: POST /token (auth_code)
Auth->>App: Return access_token
App->>Resource: GET /resource (access_token)
Resource->>App: Return resource data
App->>User: Display resource data
Google の場合
ref. Using OAuth 2.0 to Access Google APIs | Authorization | Google for Developers
OAuth 2.0 vs OpenID Connect
下記の動画がわかりやすかった。
OAuth & OIDCを理解するのに大変わかりやすい動画だった // OAuth & OIDC 入門編 by #authlete https://t.co/XXcZEn39wd
— toshimaru (@toshimaru_e) September 25, 2023