The server responsible for issuing access tokens to the client after successfully authenticating and authorizing the client. The authorization server is sometimes also responsible for user authentication.
Possible ways a client can obtain an Access Token. OCLC supports three different flows:
- Explicit Authorization Code
- Explicit Authorization Code + PKCE
- Client Credential Grant
The 80 character public portion of the WSKey.
A string which represents the functionality which the client is requesting authorization to use.
The unique string which represents the fact that a user has successfully authenticated and the application has been granted the right to access one or more scopes for a particular institution. Authorization Codes are exchanged by clients to obtain Access Tokens.
A credential that can be used by an application to access an API. Access Tokens can be either an opaque string or a JSON Web Token (JWT).
An access token which is returned with only some of the scopes the client application requested.
A simple authentication scheme used to protect HTTP requests. Requests contain the Authorization header with the key and secret joined by a colon and base64-encoded.
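The header construction described above, together with the server-side parse, as an added example that is not OCLC's own code. The key and secret values in the comments and test are constructed, and the function names are hypothetical. Base64 is an encoding, not encryption, so the parse step recovers the secret exactly; the header must only travel over TLS.

```python
import base64
import hmac


def build_basic_header(key: str, secret: str) -> str:
    """Join key and secret with a colon, base64-encode, prefix the scheme."""
    if ":" in key:
        # The receiver splits on the first colon (RFC 7617), so a colon in
        # the key would silently shift part of it into the secret.
        raise ValueError("key must not contain ':'")
    raw = f"{key}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_header(header: str) -> tuple[str, str]:
    """Recover (key, secret) from an Authorization header value."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization header")
    try:
        # validate=True rejects characters outside the base64 alphabet
        raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError) as exc:
        raise ValueError("malformed Basic credentials") from exc
    key, sep, secret = raw.partition(":")  # secret may itself contain ':'
    if not sep:
        raise ValueError("missing ':' separator")
    return key, secret


def credentials_match(header: str, expected_key: str, expected_secret: str) -> bool:
    """Server-side check; malformed headers are treated as a failed login."""
    try:
        key, secret = parse_basic_header(header)
    except ValueError:
        return False
    # Constant-time comparison avoids leaking how many characters matched.
    key_ok = hmac.compare_digest(key.encode(), expected_key.encode())
    secret_ok = hmac.compare_digest(secret.encode(), expected_secret.encode())
    return key_ok and secret_ok
```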
A longer-lived token which a client can request and which allows an application to obtain a new access token without prompting the user.