I am doing research about OAuth2. A lot of things are clear to me, but I have 2 questions.
With OAuth a client can be identified with the client_id and client_secret. But I can't find the difference between these 2. I only found that the client_id is public and the client_secret is private.
I think it works like this, but I'm not sure about it. Say there is an app called "GreatApp" which would like to get data from the OAuth2 API. It registers with the API and it gets 2 IDs: a client_id, which is the same for every individual installation of GreatApp, and a client_secret, which is unique for each individual installation of GreatApp.
This means you can recognize the application which connects to the API with the client_id and you can recognize an individual phone or tablet by the client_secret.
Is this correct or am I wrong?
There is more than one kind of flow used by OAuth2. I read a lot about this and watched some videos on YouTube. They explain 2 or 3 kinds, but they don't clearly say the name of each flow. I Googled a lot but I can't find a clear explanation of what types of flows there are and which I should use in what situation. I found this documentation but this is Oracle-specific, I think.
Is there someone who can explain to me the flows and when I should use which flow?
Client ids and secrets are used for confidential clients, meaning those that can keep a secret, such as web applications that live on web servers. They are typically not used to register individual instances like mobile apps.
I've described which grant flow to use when in this answer. HTH
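The distinction drawn in the answer, as an added example that is not part of the original post: a token endpoint's client authentication step, where the client_id names the registered application and the client_secret proves that a confidential client is that application. The registry entries, client names, and secret value are constructed for illustration; the Basic scheme follows RFC 6749 section 2.3.1, using plain percent-encoding.

```python
import base64, hashlib, hmac
from urllib.parse import quote, unquote

# Constructed registry: one entry per registered application, not per installation.
CLIENTS = {
    "greatapp-web": {"type": "confidential",
                     "secret_sha256": hashlib.sha256(b"s3cr3t-constructed").hexdigest()},
    "greatapp-mobile": {"type": "public", "secret_sha256": None},  # cannot keep a secret
}

def basic_header(client_id, client_secret):
    """Client side: build the HTTP Basic credential a confidential client sends."""
    pair = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
    return "Basic " + base64.b64encode(pair.encode()).decode()

def authenticate_client(authorization, body_client_id=None):
    """Token-endpoint side: return (client_id, authenticated) or raise ValueError."""
    if authorization:
        scheme, _, blob = authorization.partition(" ")
        if scheme.lower() != "basic":
            raise ValueError("invalid_client")
        try:
            cid, sep, secret = base64.b64decode(blob, validate=True).decode().partition(":")
        except ValueError:  # covers malformed base64 and non-UTF-8 bytes
            raise ValueError("invalid_client")
        cid, secret = unquote(cid), unquote(secret)
        client = CLIENTS.get(cid)
        if not sep or client is None or client["type"] != "confidential":
            raise ValueError("invalid_client")
        digest = hashlib.sha256(secret.encode()).hexdigest()
        # Constant-time comparison so the check does not leak how much matched.
        if not hmac.compare_digest(digest, client["secret_sha256"]):
            raise ValueError("invalid_client")
        return cid, True
    # No credentials: only a registered public client may identify itself by id alone,
    # and the server must treat that identity as unauthenticated.
    client = CLIENTS.get(body_client_id)
    if client is None or client["type"] != "public":
        raise ValueError("invalid_client")
    return body_client_id, False
```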