Developer and Application Registration

OAuth requires that applications register with the authorization server so that API requests can be properly identified. While the protocol allows for registration using automated means, most API providers require manual registration by filling out a form on their developer websites.

At the time of this writing

Figure 1-2. Google’s APIs Console for OAuth app registration

As an example, the following information is required to register an OAuth client with Google via their APIs Console:

  • Google Account

  • Product Name

  • Product Logo (optional)

  • Website URL used for Redirect URIs (for web applications only)

After registration is complete, the developer is issued client credentials:

Client ID
  Specified as client_id when interacting with the resource server.

Client Secret
  Specified as client_secret when exchanging an authorization code for an access token and refreshing access tokens using the server-side Web Application Flow (see Figure 7-1).

Why Is Registration Necessary?

Registration enables the application developer to obtain client credentials, which are used to authenticate requests made to the authorization server. These credentials are critical in protecting the authenticity of requests when performing operations such as exchanging authorization codes for access tokens and refreshing access tokens (as described in Chapter 2).
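The following is an added example, not code from the book, showing where each of the two issued credentials is used in the server-side Web Application Flow: the client_id travels through the user's browser in the authorization request, while the client_secret is sent only on the back channel when exchanging an authorization code and when refreshing an access token. It also includes the authorization-server side of the registration data, an exact-match check of the redirect_uri against the URIs registered for the client. The endpoints, credentials and redirect URI are constructed placeholders, and the requests are built as dictionaries rather than sent, so it runs offline.

```python
"""Added example (not from the book): using the client_id and client_secret
issued at registration in the OAuth 2.0 server-side Web Application Flow.

All endpoint URLs, credentials and redirect URIs are constructed placeholders.
"""
import secrets
from urllib.parse import urlencode, parse_qs

AUTHORIZATION_ENDPOINT = "https://auth.example.com/oauth2/auth"   # constructed
TOKEN_ENDPOINT = "https://auth.example.com/oauth2/token"          # constructed
CLIENT_ID = "example-client-id"                                    # constructed
CLIENT_SECRET = "example-client-secret"                            # constructed
# What the developer registered as the redirect URI for this client (constructed).
REGISTERED_REDIRECT_URIS = {"https://app.example.com/oauth2/callback"}


def new_state() -> str:
    """Unguessable per-session state value; store it server-side before redirecting."""
    return secrets.token_urlsafe(32)


def authorization_request_url(redirect_uri: str, scope: str, state: str) -> str:
    """Front-channel request sent through the user's browser.

    Only the public client_id appears here. The client_secret never does,
    because this URL is visible to the user and to anything that logs it.
    """
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,  # binds the callback to this browser session (CSRF protection)
    }
    return AUTHORIZATION_ENDPOINT + "?" + urlencode(params)


def _token_request(body: dict) -> dict:
    """Back-channel POST to the token endpoint, described as a dict rather than sent."""
    return {
        "method": "POST",
        "url": TOKEN_ENDPOINT,
        "headers": {"Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode(body),
    }


def code_exchange_request(code: str, redirect_uri: str) -> dict:
    """Trade an authorization code for tokens.

    This is the first place the client_secret is used: the authorization server
    checks it so that a code alone cannot be redeemed by a different client.
    The book shows the secret as the client_secret form parameter; RFC 6749
    section 2.3.1 also allows sending it as HTTP Basic credentials instead.
    """
    return _token_request({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # must match the authorization request
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
    })


def refresh_request(refresh_token: str) -> dict:
    """Use a refresh token to obtain a new access token; the client_secret
    authenticates this request as well."""
    return _token_request({
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
    })


def form_params(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded body into single-valued params."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def redirect_uri_is_registered(candidate: str) -> bool:
    """Authorization-server side check of a redirect_uri parameter against the
    URIs registered for the client. Exact string comparison is used, so a URI
    with an extra path segment, a query string or a different host is rejected."""
    return candidate in REGISTERED_REDIRECT_URIS


if __name__ == "__main__":
    callback = "https://app.example.com/oauth2/callback"
    print(authorization_request_url(callback, "profile", new_state()))
    print(form_params(code_exchange_request("constructed-code", callback)["body"]))
    print(redirect_uri_is_registered(callback + "/extra"))
```

The split between the two helpers is the point: anything that ends up in a browser URL, a referrer header or a web server log may carry the client_id, which is why it is treated as public, and only the server-to-server token requests carry the client_secret, which is why that secret must stay on the server.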

Registration also gives the API provider information to improve the user experience during the authorization process. When presenting an application’s request for data access to the user, the API provider will often display the name and logo of the application.

See Figure 2-3 for an example of how Google uses the registration information on the approval screen.
