Merge pull request #380 from marcaube/patch-2

Documentation: fix IdP abbreviation in auth-server-which-grant.md
This commit is contained in:
Alex Bilbie 2015-09-26 11:34:30 +01:00
commit 628377bff1

View File

@ -49,7 +49,7 @@ The authorisation code grant is the grant that most people think of when OAuth i
If youve ever signed into a website or application with your Twitter/Facebook/Google/(insert major Internet company here) account then youll have experienced using this grant.
Essentially a user will click on a “sign in with Facebook” (or other <attr title=“Identity Provider>IdP</attr>) and then be redirected from the application/website (the “client”) to the IdP authorisation server. The user will then sign in to the IdP with their credentials, and then - if they havent already - authorise the client to allow it to use the users data (such as their name, email address, etc). If they authorise the request the user will be redirected back to the client with a token (called the authorisation code) in the query string (e.g. `http://client.com/redirect?code=XYZ123`) which the client will capture and exchange for an access token in the background.
Essentially a user will click on a “sign in with Facebook” (or other <abbr title="Identity Provider">IdP</abbr>) and then be redirected from the application/website (the “client”) to the IdP authorisation server. The user will then sign in to the IdP with their credentials, and then - if they havent already - authorise the client to allow it to use the users data (such as their name, email address, etc). If they authorise the request the user will be redirected back to the client with a token (called the authorisation code) in the query string (e.g. `http://client.com/redirect?code=XYZ123`) which the client will capture and exchange for an access token in the background.
This grant is suitable where the resource owner is a user and they are using a client which is allows a user to interact with a website in a browser. An obvious example is the client being another website, but desktop applications such as Spotify or Reeder use embedded browsers.