1
00:00:00,210 --> 00:00:07,890
In all of the previous videos, we looked at the scenario where one API is trying to invoke another API

2
00:00:08,039 --> 00:00:10,410
sitting inside a secure resource server.

3
00:00:10,680 --> 00:00:19,410
And we saw how to leverage Keycloak to implement authentication and authorization using the OAuth

4
00:00:19,410 --> 00:00:20,220
2 framework.

5
00:00:20,430 --> 00:00:28,200
Now, in this lecture, let's try to understand another scenario where a web application, which might

6
00:00:28,200 --> 00:00:36,090
be based upon an Angular app or React app, is trying to invoke an API present inside a secure resource server somewhere,

7
00:00:36,120 --> 00:00:41,280
so that the data hosted by the resource server can be displayed on the UI.

8
00:00:41,520 --> 00:00:48,870
So this is another scenario that we can focus on now and try to understand how it works in this scenario.

9
00:00:49,050 --> 00:00:57,540
So the main difference between web application invocation and Postman API invocation is, inside a web application,

10
00:00:57,900 --> 00:01:06,150
we will have a user who enters the credentials, and this user is the resource owner, who wants the

11
00:01:06,330 --> 00:01:08,250
resources present inside the resource server.

12
00:01:08,250 --> 00:01:15,390
So my web application will act as a client application, like we saw in the OAuth framework.

13
00:01:15,660 --> 00:01:22,650
And definitely the grant type that we have to follow for this scenario is the authorization code

14
00:01:22,650 --> 00:01:23,550
grant flow.

15
00:01:23,730 --> 00:01:31,200
So let's try to go and revise what the authorization code grant flow is inside the OAuth 2 framework, like you can

16
00:01:31,200 --> 00:01:31,890
see here.

17
00:01:32,220 --> 00:01:39,330
First, as a user, I can use a client application, so I can tell my client application,

18
00:01:39,540 --> 00:01:45,670
I want to display my loan details, which are hosted on the resource server.

19
00:01:45,670 --> 00:01:47,040
So what then?

20
00:01:47,340 --> 00:01:55,020
My client application will redirect me to the authorization server login page, where I can enter my username

21
00:01:55,020 --> 00:01:57,690
and password along with the client ID.

22
00:01:57,990 --> 00:02:05,760
So if my authentication is successful, I will get the authorization code in return. Now, using the

23
00:02:05,760 --> 00:02:07,080
authorization code,

24
00:02:07,470 --> 00:02:14,700
my client will again have to make a call to the auth server by passing the client ID and client secret.

25
00:02:14,880 --> 00:02:21,750
So if my client secret is valid, I will get a successful access token from the authorization server.

26
00:02:21,960 --> 00:02:28,110
Once I get a successful access token from the auth server, then the communication between resource server

27
00:02:28,110 --> 00:02:33,420
and auth server and client is pretty similar to what we discussed before.

28
00:02:33,810 --> 00:02:41,310
And like, you know, here my client and authorization server will interact two times. The very first time,

29
00:02:41,640 --> 00:02:43,770
the user will enter his credentials.

30
00:02:44,130 --> 00:02:48,600
Along with the user credentials, we should also pass the client ID.

31
00:02:48,810 --> 00:02:57,600
So once I get the authorization code, now using the authorization code, I again have to invoke the authorization

32
00:02:57,600 --> 00:03:04,200
server API in order to get an access token. This time, along with the authorization code, I need to

33
00:03:04,200 --> 00:03:06,990
pass the client ID and client secret as well.

34
00:03:07,350 --> 00:03:15,480
So these two different API calls will bring more security into the authorization code grant type compared

35
00:03:15,480 --> 00:03:17,010
to the implicit grant type.

36
00:03:17,250 --> 00:03:20,460
In the implicit grant type, everything will be in a single call.

37
00:03:20,700 --> 00:03:26,910
There is no need of an authorization code, but that is very much less secure and prone to security issues.

38
00:03:27,090 --> 00:03:32,820
So due to that reason, whenever you have a web application in the picture, please make sure you are

39
00:03:32,850 --> 00:03:35,170
using the authorization code grant type.

40
00:03:35,190 --> 00:03:41,520
And this is the most commonly used and standard grant that we have inside the OAuth framework.

41
00:03:41,940 --> 00:03:49,920
So now we have clarity that we are going to use the authorization code grant type inside our EazyBank application.

42
00:03:50,280 --> 00:03:56,970
So here we need to make sure we are creating a new client ID inside the Keycloak server.

43
00:03:57,240 --> 00:04:05,670
And definitely we should also create user details, so that he has access to the resources that we

44
00:04:05,670 --> 00:04:07,650
are maintaining in the backend.

45
00:04:08,130 --> 00:04:14,010
So let's try to create a client ID and the user details inside the Keycloak server in the next lecture.

46
00:04:14,130 --> 00:04:14,640
Thank you.

47
00:04:14,640 --> 00:04:16,029
And I'll see you in the next lecture.

48
00:04:16,050 --> 00:04:16,350
Bye.