OAuth 2.0 Endpoints
OAuth 2.0 defines a set of endpoints. An endpoint is typically a URI on a web server. For instance, the address of a Java servlet, JSP page, PHP page, ASP.NET page etc.
The endpoints defined are:
- Authorization Endpoint
- Token Endpoint
- Redirection Endpoint
The authorization endpoint and token endpoint are both located on the authorization server. The redirection endpoint is located in the client application. Each of these endpoints are covered below.
The endpoints are illustrated in this diagram:
|OAuth 2.0 Endpoints.|
The OAuth 2.0 specification does not describe how the URI of these endpoints are found or documented. That is up to each implementer to decide. Most sites will have a subsite for developers documenting these endpoints.
The authorization endpoint is the endpoint on the authorization server where the resource owner logs in, and grants authorization to the client application.
The token endpoint is the endpoint on the authorization server where the client application exchanges the authorization code, client ID and client secret, for an access token.
The redirect endpoint is the endpoint in the client application where the resource owner is redirected to, after having granted authorization at the authorization endpoint.