Farasath blogs

The first thing I did after joining the WSO2 Identity Server team was to test the WSO2 Identity Server 5.2.0-beta pack. I had some experience playing around with OAuth so I started testing OAuth scenarios. I was able to test most grant types with ease. Then came the authorization code grant type. The usual way to test it was to setup the playground2 app and test. I wanted to look for an alternate way to test the Authorization grant type without setting up the app (partly because I was lazy to download tomcat etc. :P ) So with the help of my team member Pushpalanka, I found an alternate way to get an access token by simply using a browser redirect and a curl command. So I wanted to make a note in case someone wanted to do the same :) 1. First, log in to the Identity Server management console.        the defaults are,                   username = admin                 ...

Previously I wrote a post on my first step towards understanding OAuth. This post continues builds on that. OAuth has different types of flows targeting various scenarios or use cases. The main feature that differentiates each of these flows is the grant type. What exactly is an OAuth grant type? An OAuth grant is something that a client application could exchange for an access token from an Authorization Server. An access token typically represents a user's permission for the client application to access the resources on their behalf OAuth Grant Types The OAuth 2.0 core specification  defines four types of grants, Authorization code grant Implicit grant Resource owner credentials grant Client credentials grant In addition to these the core specification also defines a refresh grant type. There are few new additions to these as well, Message authentication code (MAC) tokens SAML 2.0 Bearer Assertion Profiles JSON Web Token grant I would like to focus on ...