Reading 12 OAuth - liz-kavalski-401-advanced-javascript/seattle-javascript-401n13 GitHub Wiki

OAuth2 simplified

  • What is 'TLS security'?
  • What is the function of the 'secret'?
  • Need to get permission from the client.
  • The 'secret' comes in when the app is talking to the authorization server, on the server side rather than in the web browser.
  • Need a token exchange.
  • For single-page apps or browser-based apps, which run entirely in the browser after loading the source code from a web page: Do Not Use the SECRET.
  • Some concerns when it comes to mobile and the flow of OAuth2.
  • Does have other grant types, like password.
  • This website walks through the steps of making an OAuth2 app --> (https://aaronparecki.com/oauth-2-simplified/)

Build a Node API with OAuth

  • Skip to the part that is titled "Secure Your Node + Express REST API with OAuth 2.0".
  • The OAuth2 flow allows a way of letting two servers communicate with each other, without the context of a user.
  • The authorization server sounds like the middle man between the two servers.
  • This part goes through how to create an authorization server.
  • Want to create some middleware that verifies the token sent by the client.
    • If the token is valid, it will continue to the REST API.
    • If the token is invalid, it is going to send an error.