OAuth2 and OpenID Connect for microservices and public applications (Part 2)

Adaltas
Published in Adaltas
13 min read · Dec 10, 2020

When using OAuth2 and OpenID Connect, it is important to understand how the authorization flow takes place, which component calls the Authorization Server, and how the tokens are stored. Moreover, microservices and client applications, such as mobile and SPA (single page application) applications, raise a few questions as to which flow applies in modern OAuth2 architectures.

Part 1, OAuth2 and OpenID Connect, a gentle and working introduction, focuses on integrating your first application with an OpenID Connect server (Dex) and walks through the Authorization Code Flow with an external provider. OAuth and OpenID Connect strategies are complicated and confusing; reading that part will shed some light on them.

Part 2, OAuth2 and OpenID Connect for microservices and public applications, provides a deep dive into the OpenID code flow by describing, explaining and illustrating each step. Once completed, you will be able to apply it to your client and public applications (mobile, SPA, …) without the need for extra tools.

Flow description

In part 1, we used the Dex server with its example application to log in with our GitHub account. Here is what happened. A client application requires the user to be authenticated. From the client application, the…
