OAuth 2.0
Created at 2017-05-28T14:37:47+09:00

Example

<User (or future user) [RESOURCE OWNER]>
  |
  |
<Browser [USER AGENT]> --#-- <GitLab [AUTHORIZATION SERVER]>
  |                           |
  #                           @
  |                           |
<WebApp [CLIENT]>  -----@-----+

(Note: [XXX] (e.g. [RESOURCE OWNER]) is the term used in RFC 6749.)

  • Types of "keys"
    • static
      • client identifier
    • dynamic
      • authorization code (path (#) via "WebApp" -- "Browser" -- "GitLab")
      • access token (path (@) via "WebApp" -- "GitLab")
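
The two paths in the diagram, as an added example that is not part of the original note: a toy in-memory authorization server and client showing that only the authorization code (plus `state`) crosses the browser on path (#), while the access token is returned only on the direct path (@). The hosts, redirect URI, client secret and the `state` check are assumptions for illustration; `AuthorizationServer` is a hypothetical stand-in, not GitLab's implementation.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholders (assumptions): client credentials, hosts, redirect URI.
CLIENT_ID, CLIENT_SECRET = "webapp-client-id", "webapp-client-secret"
REDIRECT_URI = "https://webapp.example/callback"
AUTHORIZE_URL = "https://gitlab.example/oauth/authorize"

class AuthorizationServer:
    """Hypothetical in-memory stand-in for the [AUTHORIZATION SERVER] box."""
    def __init__(self):
        self.codes = {}  # authorization code -> (client_id, redirect_uri) it was issued for

    def authorize(self, url):
        """Path (#): the user approved; send the browser back to the client with a code."""
        q = parse_qs(urlparse(url).query)
        code = secrets.token_urlsafe(16)
        self.codes[code] = (q["client_id"][0], q["redirect_uri"][0])
        return q["redirect_uri"][0] + "?" + urlencode({"code": code, "state": q["state"][0]})

    def token(self, form):
        """Path (@): direct WebApp -> server request; pop() makes the code single-use."""
        bound = self.codes.pop(form["code"], None)
        if bound != (form["client_id"], form["redirect_uri"]) or form["client_secret"] != CLIENT_SECRET:
            raise PermissionError("invalid_grant")
        return {"access_token": secrets.token_urlsafe(24), "token_type": "bearer"}

def build_authorization_url(state):
    """Path (#): URL the WebApp redirects the browser to; carries only the static client id."""
    params = {"response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI, "state": state}
    return AUTHORIZE_URL + "?" + urlencode(params)

def handle_callback(server, callback_url, expected_state):
    """WebApp receives the code via the browser, checks state, then redeems it on path (@)."""
    q = parse_qs(urlparse(callback_url).query)
    if not secrets.compare_digest(q["state"][0], expected_state):
        raise PermissionError("state mismatch")
    return server.token({"grant_type": "authorization_code", "code": q["code"][0],
                         "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET,
                         "redirect_uri": REDIRECT_URI})

def run_flow():
    """Run one complete flow; returns what the browser saw and what the WebApp got."""
    server, state = AuthorizationServer(), secrets.token_urlsafe(16)
    callback_url = server.authorize(build_authorization_url(state))  # visible to the browser
    token = handle_callback(server, callback_url, state)              # never visible to the browser
    return server, callback_url, state, token
```
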

Reference