Explain OAuth2 like I'm five

I've actually been curious about this for a while and can't seem to find anywhere that really talks about this. Especially the server end of it.


At a very high level, think of it as a software variant of a (paper) passport: This is being granted to you by a central authority who "knows" who you are, so the passport is a pretty strong proof of your identity. With this passport, you can walk around and identify yourself in places where this is required (maybe your bank in order to have access to your accounting information, your rental car company to, well, rent a car, or your travel agency to buy plane tickets). All these want to know for sure you are "who you are", and the passport is a strong way to prove this. And it pretty much eases "real-world authentication" because you have one agreed-upon document with a well-defined meaning and a well-defined source of trust, so you don't need to care much about how to check if this person in front of you is actually who (s)he pretends to be.

OAuth is similar to this: A central instance (authentication service) validates your identity based upon certain information you provide (login name, password, maybe two-factor authentication like a PIN entered on a smartphone, ...) and provides you with a "token" (which is the digital representation of the passport in the example above). With this "token", you then may access certain services - your e-mail account, your Instagram account, your dev.to account, ... - with each of these services "trusting" the token because they "trust" the central instance in this case. For certain services, this eases the task of validating whether a user is "who (s)he claims to be".

I guess this is what it boils down to. It's of course a bit more complex in real implementation. Have a look at digitalocean.com/community/tutoria... for a more technical yet still straightforward introduction.

If a kid wants to play with you, tell them to ask permission from your father. Then they ask permission from your father, and he tells them a magic word that you have to check with your father to see if it is true.

If he says that it is the magic word, you can play with the new kid as long as the magic word is OK with your father.
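The "magic word" check in the comment above, and the token-as-passport idea from the earlier answer, as an added Python sketch that is not part of either comment: the authorization server (the father) authenticates the user once and hands out an opaque bearer token, and the resource server (you) accepts that token only after asking the authorization server whether it is still valid and what it is good for, which is the shape of RFC 7662 token introspection. The user name, password, scope strings and class names are constructed for the example.

```python
import hmac
import secrets
import time


class AuthorizationServer:
    """The 'father': checks who you are once, then hands out opaque tokens."""

    def __init__(self):
        self._users = {"alice": "correct horse battery staple"}  # constructed credentials
        self._tokens = {}  # token -> {"sub", "scope", "exp"}

    def issue_token(self, username, password, scope, ttl=300):
        stored = self._users.get(username, "")
        # compare_digest keeps the password check constant-time; unknown users fail the same way
        if username not in self._users or not hmac.compare_digest(stored, password):
            return None
        token = secrets.token_urlsafe(32)  # unguessable "magic word"; it carries no meaning itself
        self._tokens[token] = {"sub": username, "scope": scope, "exp": time.time() + ttl}
        return token

    def introspect(self, token):
        """What a resource server asks: is this token still good, for whom, and for what?"""
        meta = self._tokens.get(token)
        if meta is None or meta["exp"] <= time.time():
            return {"active": False}
        return {"active": True, "sub": meta["sub"], "scope": meta["scope"]}

    def revoke(self, token):
        self._tokens.pop(token, None)


class ResourceServer:
    """'You': trusts the father, never the kid, so every token goes back for a check."""

    def __init__(self, auth_server, required_scope):
        self._auth = auth_server
        self._required_scope = required_scope

    def handle(self, bearer_token):
        info = self._auth.introspect(bearer_token)
        if not info["active"]:
            return 401  # unknown, expired or revoked token
        if self._required_scope not in info["scope"].split():
            return 403  # valid token, but not issued for this service
        return 200  # request served on behalf of info["sub"]
```

Because the token is opaque, the resource server learns nothing from the string itself; revoking it at the authorization server is enough to lock every service out at the next check.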
