Bearer Authorization:

1. Write the following steps in the correct order.
- Register your application to get a client_id and client_secret.
- Ask the client if they want to sign in via a third party.
- Redirect to a third party authentication endpoint.
- Make a request to a third-party API endpoint
- Receive authorization code.
- Make a request to the access token endpoint.
- Receive access token
2. What can you do with an authorization code?
An authorization code is an alphanumeric password that authorizes its user to purchase, sell or transfer items, or to enter information into a security-protected space. It is typically a sequence of letters, numbers, or a combination of both, that validates a person’s identity, approves a transaction or provides access to a secured area.
3. What can you do with an access token?
Access tokens are the thing that applications use to make API requests on behalf of a user. The access token represents the authorization of a specific application to access specific parts of a user’s data. The token endpoint is where apps make a request to get an access token for a user. This section describes how to verify token requests and how to return the appropriate response and errors.
4. What’s a benefit of using OAuth instead of your own basic authentication?
- Enables apps to obtain limited access (scopes) to a user’s data without giving away the user’s password.
- Was created as a response to the direct authentication pattern.
- Creates a better system for the web.
- Federated identity was created for single sign-on (SSO).
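The authorization code flow from question 1, ending with the Bearer header that carries the access token from question 3, as an added Python example that is not part of the original notes. The endpoint URLs, client credentials and function names are assumptions made up for illustration; the code only builds and validates the messages and makes no network calls.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Hypothetical provider endpoints and client registration (assumptions, not from the notes).
AUTHORIZE_URL = "https://auth.example.com/oauth/authorize"
TOKEN_URL = "https://auth.example.com/oauth/token"
API_URL = "https://api.example.com/v1/me"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"  # placeholder; keep the real one server-side only
REDIRECT_URI = "https://app.example.com/callback"


def build_authorization_url(scope):
    """Redirect step: send the user to the third party. Returns (url, state)."""
    state = secrets.token_urlsafe(32)  # unguessable value stored in the user's session
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "scope": scope, "state": state})
    return f"{AUTHORIZE_URL}?{query}", state


def extract_code(callback_url, expected_state):
    """Callback step: accept the authorization code only if state matches the session."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: possible CSRF, discard the code")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code


def build_token_request(code):
    """Token step: form body POSTed server-to-server to the access token endpoint."""
    return TOKEN_URL, {"grant_type": "authorization_code", "code": code,
                       "redirect_uri": REDIRECT_URI,
                       "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET}


def build_api_request(access_token):
    """API step: present the access token in the Bearer Authorization header."""
    return API_URL, {"Authorization": f"Bearer {access_token}"}
```

The client secret appears only in the server-side token request, never in the browser redirect, and the authorization code is useless to anyone who cannot also present that secret.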
Document the following Vocabulary Terms
Client ID
a unique identifier for a browser–device pair that helps Google Analytics link user actions on a site.
Client Secret
is a secret known only to your application and the authorization server.
Authentication Endpoint
is a security mechanism designed to ensure that only authorized devices can connect to a given network, site or service.
Access Token Endpoint
is where apps make a request to get an access token for a user.
API Endpoint
is a point at which an application program interface (API)
Authorization Code
is a temporary code that the client will exchange for an access token.
Access Token
is the thing that applications use to make API requests on behalf of a user.

Ibarhem Al-omari
Email: ibrahem.omari96@gmail.com