A common OAuth allows a third-party client, such as PostMan web API, termed the client in the OAuth 2.0 specification, to operate on behalf of a user, without revealing that user’s credentials, such as user name and password, to the client. The client first sends the user credentials to an authorization server (Intergraph's Cloud9 service), which authenticates the user, obtains the user’s authorization, and issues an access token which the client can use in interacting with a resource server (Smart Reference Data database server)
|
|
|
|---|---|
|
1 |
User’s API Client sends an access token request to the SAM server. |
|
2 |
SAM server authenticates and responds with an access token. |
|
3 |
User sends an API request along with the access token. |
|
4 |
API server validates the access token. |
|
5 |
API server sends the API request to the Smart Reference Data (SRD) Server. |
|
6 |
SRD sends the response to the API Server. |
|
7 |
API Server sends the response to the user's API client. |
