I am using the OAuth 2.0 PHP Library to develop a OAuth 2.0 server in PHP.
In the example of that library I can see 3 tables: auth_codes
, clients
and tokens
.
As far as I know tokens are used to access the data and auth codes are used to obtain tokens.
But the problem is that if i do
...authorize.php?client_id=0123456789ab&response_type=token&state=test_state
I can get token without even getting the access code.
How is that possible ? Is this a proper implementation ?
There are two flows for OAuth2 authentcation.
Here you have encountered 2-legged OAuth which doesn't require the auth_code to get access_token dance :)
These are some useful links that will help you understand the difference better.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With