Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What is the difference between access tokens and auth_codes in OAuth 2

I am using the OAuth 2.0 PHP Library to develop a OAuth 2.0 server in PHP.

In the example of that library I can see 3 tables: auth_codes, clients and tokens.

As far as I know tokens are used to access the data and auth codes are used to obtain tokens.

But the problem is that if i do

...authorize.php?client_id=0123456789ab&response_type=token&state=test_state

I can get token without even getting the access code.

How is that possible ? Is this a proper implementation ?

like image 205
ajaybc Avatar asked Mar 19 '12 10:03

ajaybc


1 Answers

There are two flows for OAuth2 authentcation.

  1. Two-legged OAuth
  2. Three-legged OAuth

Here you have encountered 2-legged OAuth which doesn't require the auth_code to get access_token dance :)

These are some useful links that will help you understand the difference better.

  1. http://cakebaker.42dh.com/2011/01/10/2-legged-vs-3-legged-oauth/
  2. https://sites.google.com/site/oauthgoog/2leggedoauth/2opensocialrestapi
like image 163
naveen Avatar answered Oct 03 '22 05:10

naveen