Developed through standard OAuth2 specification (RFC 6749).
Terminology | Description |
---|---|
Authentication | Step to verify whether a client is qualified for authentication and access. |
Authorization | Authorization, granting access to resources, and upon completion of authorization, an Access Token containing access to resources is granted to the client. |
Access Token | Passes resource server to Token with the expiration period used to acquire the protected resources of the resource owner. |
Refresh Token | Token that is used to renew when the Access Token expires, and generally has a longer expiration period than the Access Token. |
Parameter | Description |
---|---|
client_id client_secret | This information is used to prove the client's credentials and is used to verify the client when linking to the permission server. |
redirect_url | The URL setting information where the authorization server will send the response to the request. |
response_type | Authorization method when requesting authorization consent. Typically takes one of the following values · code: Authorization Code Grant · token: Implicit Grant |
grant_type | Sets the authorization method for access token requests. Typically uses one of the values below · authorization_code: Authorization Code Grant · password: Resource Owner Password Credentials Grant · client_credentials: Client Credentials Grant |
code | Access Token is used in the Authorization Code Grant method when requested. |
/v1/oauth2/authorize | GET | - | Request FNCY Authorization Code |
/v1/oauth2/token | POST | json | Request Token Issuance |
The client passes the client ID, redirect URI, and response type to FNCY authentication server with a parameter as code. After successful authentication, the FNCY authorization code is sent to the client.
After successfully receiving the FNCY authorization code, the client requests an additional access token from the FNCY certifier using the FNCY authorization code. The required parameters are Client ID, Client Password, Redirect URI, and Authentication Type.
Finally, uses the access token received from FNCY authentication server to send user data to the resource server.