...
OAuth 2.0 has four main flows or grant types. The DualShield Authorisation Server uses the Client Credential Grant Type, which is typically used when the API endpoint is sitting on a reverse proxy service.
There are a few key components:
- Client Application: This is the application that wants to access a protected resource.
- Resource Server: The API or service the client wants to access, using the access token.
- Authorisation Server: The server that authenticates the Client and issues access tokens (e.g. DualShield Authentication Server).
- Access Token: A credential issued by the Authorisation Server that the client uses to access protected resources. Typically a JWT (JSON Web Token) consisting of a client ID and Client Secret.
The Client Application requests access to the API (Resource Server) via the Reverse Proxy.
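The messages a Client Application exchanges in the Client Credentials grant, following RFC 6749 section 4.4 and RFC 6750, are sketched below as an added example; it is not DualShield's own code. The URLs, client ID, secret and token response are constructed placeholders, since this page does not give DualShield's endpoint paths.

```python
import base64
import json
import time
from urllib.parse import quote_plus, urlencode

# Hypothetical endpoints (assumptions, not DualShield's documented paths).
TOKEN_URL = "https://auth.example.com/oauth/token"
API_URL = "https://proxy.example.com/api/resource"

def build_token_request(client_id, client_secret, scope=None):
    """Token request for the Client Credentials grant (RFC 6749 section 4.4.2)."""
    # Credentials travel in the Authorization header, never in the URL,
    # so they do not end up in proxy or web server access logs.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    body = {"grant_type": "client_credentials"}
    if scope:
        body["scope"] = scope
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return {"method": "POST", "url": TOKEN_URL, "headers": headers, "body": urlencode(body)}

def parse_token_response(raw_json, now=None):
    """Check the token response (RFC 6749 section 5.1); return (token, expires_at)."""
    data = json.loads(raw_json)
    if "error" in data:
        raise ValueError(f"token request rejected: {data['error']}")
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    now = time.time() if now is None else now
    return data["access_token"], now + int(data.get("expires_in", 0))

def build_api_request(token, expires_at, now=None):
    """Request to the Resource Server via the reverse proxy (RFC 6750 section 2.1)."""
    now = time.time() if now is None else now
    if now >= expires_at:
        raise ValueError("access token expired; request a new one")
    return {"method": "GET", "url": API_URL, "headers": {"Authorization": f"Bearer {token}"}}

# Constructed sample token response, not captured from a real server.
SAMPLE_RESPONSE = json.dumps(
    {"access_token": "constructed-token-value", "token_type": "Bearer", "expires_in": 3600}
)

if __name__ == "__main__":
    print(build_token_request("demo-client", "demo-secret"))
    token, expires_at = parse_token_response(SAMPLE_RESPONSE)
    print(build_api_request(token, expires_at))
```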