oauth2 What the Heck is OAuth? | Okta Developer
The actors in OAuth flows are as follows:
- Resource Owner: owns the data in the resource server. For example, I’m the Resource Owner of my Facebook profile.
- Resource Server: the API which stores data the application wants to access.
- Client: the application that wants to access your data.
- Authorization Server: the main engine of OAuth.
OAuth Token
①: access_token
has an expiration time, which may be 12 hours. It is issued by the Authorization Server, which determines its expiration time.
②: refresh_token
generally has a longer expiration time than the access_token, and is used to obtain an access_token again.
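The token lifecycle described above, as an added example that is not code from the original page: an in-memory Authorization Server issues both tokens, the Resource Server rejects an expired access_token, and the Client uses the refresh_token to get a new one. The class and function names, the 30-day refresh lifetime, and the explicit `now` argument (seconds) are assumptions made for illustration.

```python
import secrets

ACCESS_TTL = 12 * 3600        # 12 hours, the lifetime the text mentions
REFRESH_TTL = 30 * 24 * 3600  # assumed: 30 days, longer than the access_token


class AuthorizationServer:
    """Issues tokens and decides when each one expires (hypothetical model)."""

    def __init__(self):
        self.access = {}   # access_token -> (owner, expires_at)
        self.refresh = {}  # refresh_token -> (owner, expires_at)

    def _new_access(self, owner, now):
        token = secrets.token_urlsafe(32)
        self.access[token] = (owner, now + ACCESS_TTL)
        return token

    def issue(self, owner, now):
        """Called after the Resource Owner has approved the Client."""
        refresh = secrets.token_urlsafe(32)
        self.refresh[refresh] = (owner, now + REFRESH_TTL)
        return {"access_token": self._new_access(owner, now),
                "refresh_token": refresh, "expires_in": ACCESS_TTL}

    def refresh_grant(self, refresh_token, now):
        """Exchange a still-valid refresh_token for a new access_token."""
        owner, expires_at = self.refresh.get(refresh_token, (None, 0))
        if owner is None or now >= expires_at:
            raise PermissionError("invalid_grant")
        return {"access_token": self._new_access(owner, now),
                "expires_in": ACCESS_TTL}

    def introspect(self, access_token, now):
        """Return the owner if the token is known and unexpired, else None."""
        owner, expires_at = self.access.get(access_token, (None, 0))
        return owner if owner is not None and now < expires_at else None


def resource_server_get(auth, access_token, now):
    """Resource Server: serve data only for a valid access_token."""
    owner = auth.introspect(access_token, now)
    return (200, f"profile of {owner}") if owner else (401, "invalid_token")


def client_fetch(auth, tokens, now):
    """Client: on 401, use the refresh_token once, then retry."""
    status, body = resource_server_get(auth, tokens["access_token"], now)
    if status == 401:
        tokens.update(auth.refresh_grant(tokens["refresh_token"], now))
        status, body = resource_server_get(auth, tokens["access_token"], now)
    return status, body
```

Once the refresh_token itself has expired, `refresh_grant` raises and the Resource Owner has to authorize the Client again.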
project structure