Definitive Guide

Introduction

These documents are written for developers who want to implement OAuth 2.0 and OpenID Connect using Authlete’s Web APIs.

However, even if you are not interested in Authlete, these documents offer general information about OAuth 2.0 and OpenID Connect from an implementor’s viewpoint. In particular, the descriptions of the differences between OAuth 2.0 and OpenID Connect are worth reading for those who want to know what OpenID Connect has added to OAuth 2.0.

What You Need to Implement

This document briefly explains what you need to implement to build an OAuth/OpenID Connect ecosystem.

Authorization Endpoint (Spec)

This document explains the specifications related to the authorization endpoints defined in OAuth 2.0 and OpenID Connect.

Authorization Endpoint (Impl)

This document illustrates the data flows that your implementation of the authorization endpoint needs to handle with Authlete.

Token Endpoint

TBW

Protected Resource

This document describes how to protect your Web APIs with OAuth access tokens.

Authentication Callback

This document describes how to implement your authentication callback endpoint that uses the default implementations of authorization and token endpoints provided by Authlete.

Developer Authentication Callback

This document describes how to implement your developer authentication callback endpoint that will be required if you want to let third-party developers use your Developer Console.

Extra Properties

This document describes how to use extra_properties that can be associated with access tokens in Authlete.