- The OAuth 2.0 protocol allows the resource owner to grant another website limited access to their resources on one website.
- It grants this access without exposing the resource owner's credentials.
- Users can then revoke access to their data at any time.
- API based workflow
- Redirection based workflow
The API-based workflow is a two-step process:
- Generate an OTP for the user using the Generate OTP endpoints.
  - The user receives a One Time Password (OTP) at their registered email address, valid for 10 minutes.
  - The API accepts the username and sends the OTP to the registered email.
- Provide the OTP and username (the user's email) to the Verify OTP endpoint.
  - Obtain the access_token and use it with all subsequent requests.
  - The API accepts the username and OTP to obtain the resource owner's access_token.
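
The two steps above, modelled as an added example that is not the service's own code: an in-memory stand-in showing the checks a Verify OTP endpoint needs (10-minute expiry, single use, constant-time comparison) before it issues an access_token. The class and method names, the 6-digit OTP length, the consume-on-any-attempt rule and the token format are assumptions.

```python
import hmac
import secrets
import time

OTP_TTL_SECONDS = 10 * 60  # the page gives the OTP a validity of 10 minutes


class OtpTokenService:
    """In-memory stand-in for the Generate OTP / Verify OTP endpoints (hypothetical)."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable so expiry can be exercised without waiting
        self._pending = {}    # username -> (otp, expires_at)
        self._tokens = {}     # access_token -> username

    def generate_otp(self, username):
        """Step 1: issue an OTP for the username; a real service e-mails it."""
        otp = f"{secrets.randbelow(10**6):06d}"  # 6-digit length is an assumption
        self._pending[username] = (otp, self._clock() + OTP_TTL_SECONDS)
        return otp  # returned only so this example can stand in for the inbox

    def verify_otp(self, username, otp):
        """Step 2: exchange username + OTP for an access_token, or None."""
        # Assumption: any attempt consumes the OTP (no replay, no repeated guessing).
        record = self._pending.pop(username, None)
        if record is None:
            return None
        expected, expires_at = record
        if self._clock() > expires_at:
            return None
        if not hmac.compare_digest(expected.encode(), otp.encode()):
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[token] = username
        return token

    def resource_owner(self, access_token):
        """Subsequent requests: resolve the token to its resource owner."""
        return self._tokens.get(access_token)

    def revoke(self, access_token):
        """Revocation: the token stops working immediately."""
        self._tokens.pop(access_token, None)


if __name__ == "__main__":
    svc = OtpTokenService()
    token = svc.verify_otp("user@example.com", svc.generate_otp("user@example.com"))
    print(svc.resource_owner(token))  # constructed username
```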