Al Saganich
Great video! Thanks for the clear and concise description!
Aritra Mukherjee
Amazing explanation and illustrations helped a lot. Thanks!
Sérgio Azevedo
Thanks David Neal. Best explanation I’ve seen.
Asa Jayasiri
Dear David,
Thanks a lot for the very awesome work. You saved valuable time by simplifying the complexity of OAuth 2 and OIDC.
Great Job!!!
Hung Nguyen
Thanks, super easy to understand!
Hallvard Hvidsten
Great article that gave me more understanding of OAuth and OIDC. But, I thought the access-token was short lived?
Nat Krishnan
Very well done. One minor detail to avoid confusion to all… “Redirection URI”, “Redirection URL”, “Redirect URI”, “Redirect URL”, “Callback URL” and “Callback URI” are all the same. The official term (RFC 6749 - OAuth 2.0) is “Redirection Endpoint”
nitewulf
The only bit that I don’t see explained is this bit "the Access Token is just a string of gibberish to pass with any request to the Resource Server, and the Resource Server knows if the token is valid."
How? What is the link between the Resource Server and the Authorization server, especially if they are in different domains?
Ravi Kumar
How does the Resource Server trust the Authorization server? Do they exchange a Client ID/secret as well? I mean, if they are different servers?
But first of all, easy explanation to a complex topic, Fantastic and thanks.
jain_vi
Nice explanation !!!
lakshmi
How to build single sign on application using Okta JWT?
Please give me an example of how to build without Spring Boot…
Øyvind Berg Ramsem
Thank you! Really helpful!
sasidhar samala
Simply Awesome explanation.
Hats Off Sir
é·è°·ć·ăăă
Did you draw all the pictures? You should become an artist.
Kishore Jagannath
Thanks for the article. Now if I want to implement authorization in Terrible pun of the day website and I want to implement roles say person with admin role can perform all actions, while person with READ role can only READ. How do I implement this with OpenID Connect? How will I know what role should I give to the person authenticated by Facebook or Twitter?
Rohanraj Mahendra Solanki
Nice one.
Zendul
While I type this comment, I am actually using OAuth to login with email.
Great article.
sky-high
Why is the authorization code required by the client? Can’t they get the ID/Access tokens directly bypassing that code? What are the benefits in using the authorization code? I understand it provides additional checks to secure the access between the client and auth server, but if I can trust the client, then do I still need this step?
Thinh Dinh
Not sure you get the answer or not. Anyway it is possible to issue ID/Access tokens to client app and it is called implicit flow. For more details: https://tools.ietf.org/html…
Daud Fauzy W
Very nice and awesome explanation, I could understand it easily. Thank you very much!