CollaborationDiagram: OAuth

[Diagram; only its text labels were recovered, listed here in extraction order, not flow order.]

Participants: Client (web app); User Agent (browser); Auth. Server; Resource Server (API); User

Activities: Redirect auth endpoint; Validate user credentials; Generate auth code; Get token from code; Authenticate request & generate access token; Save token; Do request; Get data; Generate new access token from a refresh token; Get token from a refresh_token; Enter user credentials; Accept permissions; End; Start (get resource); Validate result; Show data

Decisions (branches labelled true / false): Has token?; Has valid token?; Has old token?