Authorisation code flow
Token acquisition
Option A: WITH Consent Screen (Third-Party Apps)
Option B: WITHOUT Consent Screen (First-Party/Trusted Apps)
Consent Revocation Flow
Token Verification Flow (API Gateway's Role)
Token Refresh Flow
Key Takeaways:
β
API Gateway IS Involved In:
β API Gateway IS NOT Involved In:
Why This Separation?
Last updated