Receiving grants
OAuth 2.0 allows a third-party website to access a limited or selective set of a user's information on a particular website. There are different kinds of authorization flows; two common ones are:
- Authorization grant
- Implicit grant
We'll have a look at them in the following sub-sections.
Authorization grant
An authorization grant consists of an authorization link, which looks like the following:
https://www.example.com/oauth/authorize?response_type=code&client_id=CLIENT_ID&redirect_uri=CALLBACK_URL&scope=read
Let's break down the different components here:
- response_type: When set to code, the OAuth authorization server expects the grant to be of authorization grant type
- client_id: This is the client ID/app ID of ...
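As an added example (not code from the book), the following sketch shows how an authorization server could break such a link into its parameters and validate each one before showing a consent page. The client registry, the callback URL and the exact-match policy for redirect_uri are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed registry of known clients (assumption, not from the book).
REGISTERED_CLIENTS = {
    "CLIENT_ID": {
        "redirect_uris": {"https://client.example.org/callback"},
        "scopes": {"read"},
    }
}

# response_type values defined by RFC 6749 and the flow each one selects.
FLOWS = {"code": "authorization grant", "token": "implicit grant"}


def check_authorization_request(url):
    """Return (flow, problems) for an authorization link."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    problems = []

    # A parameter sent twice is ambiguous; reject rather than pick one.
    for name, values in query.items():
        if len(values) > 1:
            problems.append(f"duplicate parameter: {name}")
    params = {name: values[0] for name, values in query.items()}

    flow = FLOWS.get(params.get("response_type", ""))
    if flow is None:
        problems.append("unsupported or missing response_type")

    client = REGISTERED_CLIENTS.get(params.get("client_id", ""))
    if client is None:
        problems.append("unknown client_id")
        return flow, problems

    # Exact string comparison: no prefix, wildcard or substring matching.
    if params.get("redirect_uri") not in client["redirect_uris"]:
        problems.append("redirect_uri not registered for this client")

    # The client may only request scopes it was registered for.
    requested = set(params.get("scope", "").split())
    if not requested <= client["scopes"]:
        problems.append("scope exceeds what the client is registered for")
    return flow, problems
```
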