I am about to transition my application, PoQStacker, from OAuth1 to OAuth2.
I am trying to interpret the OAuth2 documentation:
Access token usage
The authorization endpoint can return two types of access tokens. The authentication process is different for each of them.
Bearer tokens are the default type of access tokens. They are very easy to use and consist of only one component, which you should treat as a password. For this reason, it is only possible to use them over HTTPS. If you try to send them over plain HTTP, they will be ignored.
The preferred method to use bearer tokens is via the Authorization header. An authenticated request would look like the following:
GET /oauth2/userinfo HTTP/1.1
Authorization: Bearer jr5xkCAg4hGcls9FXMVIuQ
If I interpret this correctly, with OAuth2, I can only access the user's data as a whole collection (/oauth2/userinfo).
Then if I wanted to modify any element of the user’s data, I GET the whole collection, modify the element(s), and POST the whole collection.
Are my interpretations correct?
Thanks in advance
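Added example (not part of the question above, and not PoQStacker or the provider's own code): what the bearer-token request quoted from the docs looks like from the client side, plus the server-side rule the quoted excerpt describes, namely that the token in the Authorization header is honoured only over HTTPS and is simply ignored over plain HTTP. The path /oauth2/userinfo and the token string are the ones shown in the quoted docs; the function names, the hashed token store and the header parsing are this example's own assumptions. Because the docs say to treat the token as a password, the sample server stores only a SHA-256 digest of it rather than the token itself.

```python
"""Bearer-token request construction and server-side acceptance rule.

Added example, not code from the original post. Values marked 'constructed'
are sample data for this demo only.
"""
import hashlib
import re
from typing import Dict, Optional

# Constructed sample values, copied from the documentation excerpt in the post.
SAMPLE_TOKEN = "jr5xkCAg4hGcls9FXMVIuQ"
USERINFO_PATH = "/oauth2/userinfo"

# 'Bearer <token>': the scheme name is case-insensitive, the token is one
# opaque component with no internal structure the client needs to know.
_BEARER_RE = re.compile(r"^\s*Bearer\s+(\S+)\s*$", re.IGNORECASE)


def build_authenticated_request(method: str, path: str, token: str) -> Dict[str, object]:
    """Client side: the request line and headers for a bearer-authenticated call.

    The token is the only credential, so it goes in the Authorization header
    exactly as the docs show. Nothing else is signed or hashed (unlike OAuth1).
    """
    return {
        "request_line": f"{method} {path} HTTP/1.1",
        "headers": {"Authorization": f"Bearer {token}"},
    }


def extract_bearer_token(headers: Dict[str, str], over_https: bool) -> Optional[str]:
    """Server side: pull the bearer token out of the request, or return None.

    Following the quoted docs, a token presented over plain HTTP is ignored
    rather than rejected with an error, so the request is handled as anonymous.
    Header names are matched case-insensitively, as HTTP requires.
    """
    if not over_https:
        return None
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if auth is None:
        return None
    match = _BEARER_RE.match(auth)
    return match.group(1) if match else None


def _digest(token: str) -> str:
    """Hash a token for storage; the token itself is never kept in cleartext."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def register_token(store: Dict[str, str], token: str, user_id: str) -> None:
    """Record which user a freshly issued token belongs to (digest only)."""
    store[_digest(token)] = user_id


def authenticate(store: Dict[str, str], headers: Dict[str, str], over_https: bool) -> Optional[str]:
    """Resolve a request to a user id, or None if it must be treated as anonymous."""
    token = extract_bearer_token(headers, over_https)
    if token is None:
        return None
    return store.get(_digest(token))


if __name__ == "__main__":
    # Constructed demo: one issued token, the same request over HTTPS and HTTP.
    token_store: Dict[str, str] = {}
    register_token(token_store, SAMPLE_TOKEN, "user-42")
    req = build_authenticated_request("GET", USERINFO_PATH, SAMPLE_TOKEN)
    print(req["request_line"])
    for name, value in req["headers"].items():
        print(f"{name}: {value}")
    print("over HTTPS ->", authenticate(token_store, req["headers"], over_https=True))
    print("over HTTP  ->", authenticate(token_store, req["headers"], over_https=False))
```

The HTTP case returning None, rather than an error, is the behaviour the quoted docs describe ("they will be ignored"); a real deployment would normally also refuse plain-HTTP connections outright so the token never leaves the client unencrypted.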