What is OAuth?
OAuth is an open standard for authorization, i.e. for granting an application access to data or functionality without that application having to handle the user's original authentication itself.
Authentication vs Authorization
Authentication is confirming your own identity, whereas authorization is granting access to a resource or system.
Different types of Authorization Grants
There are four Authorization Grant types, each used in a different context:
Authorization code: used by backend web applications
Implicit: used by single-page applications (SPAs) running in the browser
Client credentials: used for machine-to-machine authentication with service accounts
Resource owner password credentials: used by highly trusted applications
Actors in OAuth2.0 workflow
User/Resource Owner: the end user, i.e. the owner of the protected resource
User-Agent/Device: the browser or native application
Client Application: the application (website, mobile app, API consumer, etc.) that is attempting to get access to the user's account
Authorization Server: the server where client applications are registered; it issues an access token to the client application
Resource Server: the server that hosts the protected user resources and returns them only when presented with a valid access token
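To show how these actors interact, here is an added example (not part of the original post) that simulates the authorization code grant in plain Python, using constructed, hypothetical client registration values. It highlights the checks each side performs: registered redirect URI match, state binding on the callback, client authentication on the token endpoint, single-use codes, and token expiry at the resource server.

```python
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample registration held by the Authorization Server (hypothetical values).
REGISTERED_CLIENTS = {"web-app": {"secret": "s3cr3t", "redirect_uri": "https://app.example/cb"}}

class AuthorizationServer:
    """Issues one-time codes bound to a client and redirect URI, then access tokens."""
    def __init__(self):
        self.codes, self.tokens = {}, {}

    def authorize(self, client_id, redirect_uri, state):
        # Front-channel step: the resource owner consents here; the redirect URI
        # must exactly match the one registered for this client.
        client = REGISTERED_CLIENTS.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            raise ValueError("unknown client or redirect_uri mismatch")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri)
        return f"{redirect_uri}?{urlencode({'code': code, 'state': state})}"

    def token(self, client_id, client_secret, code, redirect_uri):
        # Back-channel step: the code is single use and tied to the same client/redirect.
        client = REGISTERED_CLIENTS.get(client_id)
        if client is None or client["secret"] != client_secret:
            raise PermissionError("client authentication failed")
        if self.codes.pop(code, None) != (client_id, redirect_uri):
            raise PermissionError("invalid or reused authorization code")
        tok = secrets.token_urlsafe(24)
        self.tokens[tok] = time.time() + 3600  # one-hour lifetime
        return tok

class ResourceServer:
    """Serves the protected resource only for a known, unexpired token."""
    def __init__(self, auth):
        self.auth = auth

    def get_profile(self, token):
        exp = self.auth.tokens.get(token)
        if exp is None or exp < time.time():
            raise PermissionError("invalid or expired access token")
        return {"name": "alice"}

def run_flow(auth, rs):
    """Client application side: authorization request, callback check, code exchange, API call."""
    state = secrets.token_urlsafe(8)
    redirect = auth.authorize("web-app", "https://app.example/cb", state)
    q = parse_qs(urlparse(redirect).query)
    if q["state"][0] != state:  # rejects a callback this client did not initiate
        raise PermissionError("state mismatch")
    tok = auth.token("web-app", "s3cr3t", q["code"][0], "https://app.example/cb")
    return rs.get_profile(tok), q["code"][0]
```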
Workflow of Authorization Code Grant Type
remaining coming soon ...