
A brief introduction to OAuth 2.0

OAuth 2.0 is an open-standard authorization framework (RFC 6749). It is not an authentication protocol, although the two are often confused: OAuth answers "what may this application do with this user's data", not "who is this user". It lets a user grant an unrelated application limited access to resources held by another service without sharing their login credentials with that application. In place of a password, the application presents an access token, and the resource server's API grants access only when the token is valid and carries the scope the request needs. Compared with other authorization schemes, OAuth 2.0 is characterised as delegated (the user decides what to share), third-party (the application is distinct from the service that holds the data) and user-agent based (the user approves the request in a browser).




How OAuth 2.0 works

An OAuth 2.0 grant typically proceeds in three steps:

  • The application asks the user for authorization, naming the scope (the set of permissions) it wants.
  • The user reviews the request at the authorization server and authorizes or denies it.
  • The application presents proof of that authorization to the authorization server and receives an access token. The token is limited to what the user approved for that specific application, and the resource server enforces that limit on every API request.

The flows (grant types) are grouped by the kind of client that uses them. A confidential client can keep a client secret; a public client cannot. The page describes three flows in each group. Together they cover the requests and data that move between applications, APIs and internal services between servers while keeping a layer of security in place. The OAuth 2.0 flow schemes are:

Confidential Scheme: A confidential scheme is appropriate when the application can keep its client secret private. This is the case for code that runs on a server the application owner controls, such as the backend of a web application or a service-to-service job; the user's browser never sees the secret. These flows therefore authenticate the client with the secret whenever it asks the authorization server for a token.

1.    Application flow (client credentials grant): The user is never asked for authorization in this flow. The application authenticates to the token endpoint with its client ID and client secret and receives an access token for its own resources. Because no user took part, the token represents the application itself rather than any user, and it should be limited to the scopes registered for that client.
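The client credentials exchange described above, with both sides in one file, as an added Python example that is not the page's own code. The application builds the token request (HTTP Basic client authentication as RFC 6749 §2.3.1 describes, plus a form-encoded body), and a mock authorization server authenticates the client with a constant-time comparison and refuses scopes the client was never registered for. The client ID, secret, token endpoint URL and scope are invented; there is no network, the "server" is an in-process function.

```python
"""Client credentials grant (the 'application flow'), both sides.

Added example, not the page's code. The client_id, client_secret,
token endpoint URL and scope are made up; the 'server' is a function
that checks the request the client built, so nothing goes over a network.
"""
import base64
import hmac
import secrets
from urllib.parse import quote, unquote, urlencode, parse_qs

TOKEN_ENDPOINT = "https://auth.example.com/oauth2/token"  # assumed URL

# Registered confidential clients with the scopes each may request
# (constructed sample data).
REGISTERED_CLIENTS = {
    "report-job": {"secret": "s3cr3t-value", "scopes": {"reports:read"}},
}


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """RFC 6749 section 2.3.1: form-urlencode id and secret before base64,
    so a ':' or '%' inside the secret cannot corrupt the header."""
    raw = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
    return "Basic " + base64.b64encode(raw.encode()).decode()


def build_client_credentials_request(client_id: str, client_secret: str,
                                     scope: str) -> dict:
    """What the application sends. No user is involved at any point."""
    return {
        "method": "POST",
        "url": TOKEN_ENDPOINT,
        "headers": {
            "Authorization": basic_auth_header(client_id, client_secret),
            "Content-Type": "application/x-www-form-urlencoded",
        },
        "body": urlencode({"grant_type": "client_credentials", "scope": scope}),
    }


def token_endpoint(request: dict) -> dict:
    """Mock authorization server: authenticate the client, then issue a token."""
    auth = request["headers"].get("Authorization", "")
    if not auth.startswith("Basic "):
        return {"error": "invalid_client"}
    try:
        cid, csecret = base64.b64decode(auth[6:]).decode().split(":", 1)
        cid, csecret = unquote(cid), unquote(csecret)
    except (ValueError, UnicodeDecodeError):
        return {"error": "invalid_client"}

    client = REGISTERED_CLIENTS.get(cid)
    # Compare against a dummy secret for unknown clients so that response
    # timing does not reveal which client IDs exist.
    expected = client["secret"] if client else "x" * 32
    secret_ok = hmac.compare_digest(expected.encode(), csecret.encode())
    if client is None or not secret_ok:
        return {"error": "invalid_client"}

    params = parse_qs(request["body"])
    if params.get("grant_type") != ["client_credentials"]:
        return {"error": "unsupported_grant_type"}
    requested = set(params.get("scope", [""])[0].split())
    if not requested <= client["scopes"]:
        return {"error": "invalid_scope"}   # never widen what was registered

    return {
        "access_token": secrets.token_urlsafe(32),
        "token_type": "Bearer",
        "expires_in": 3600,
        "scope": " ".join(sorted(requested)),
    }
```

Because the token represents the application and not a user, the scope check at the end is the only thing that bounds what the token can do; a server that echoes back whatever scope was requested turns a leaked client secret into unrestricted API access.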

2.    Password flow (resource owner password credentials grant): The user gives the application their username and password, and the application sends them directly to the provider's token endpoint in exchange for an access token. The application sees the password, so this only makes sense for first-party applications the user already trusts completely; the OAuth 2.0 Security Best Current Practice recommends against using it at all, and OAuth 2.1 drops it.

3.    Access code flow (authorization code grant): The application redirects the user to the authorization server, which shows a consent form. If the user agrees, the server redirects back to the application's registered redirect URI with a short-lived, single-use authorization code. The application then sends that code, together with its client secret, to the provider's token endpoint and receives an access token. The code passes through the browser but the token does not, which is why this is the recommended flow for server-side web applications.

Public Scheme: A public scheme is used when an application cannot protect the confidentiality of a client secret. This is the case for native desktop and mobile applications and for single-page applications running in the browser: the secret would have to be shipped on the user's device, for example embedded in the application's source code or inside the smartphone app, where anyone can extract it. These schemes therefore do not rely on a client secret, and the authorization server must not treat the client ID as proof of identity.

1.     Implicit flow: The application sends the user to the authorization server asking for an access token directly. When the user grants permission, the server redirects back with the token in the URL fragment, and the user agent hands it to the application. Because the token is exposed in the browser (URL, history, referrer, injected scripts) and cannot be bound to the client, the implicit flow is deprecated by the OAuth 2.0 Security Best Current Practice in favour of the access code flow with PKCE.

2.     Password flow: As in the confidential case, the user gives the application a username and password, and the application asks the token endpoint directly for an access token. Here there is not even a client secret to identify the application, and the user's password is disclosed to it, so complete trust between the user and the application is necessary. It is not recommended for new deployments.

3.     Access code flow with PKCE: The redirect and consent form are the same as in the confidential case: the authorization server gives the application an authorization code, which the application exchanges for an access token at the provider's token endpoint. Since a public client has no secret, it protects the code with PKCE (RFC 7636): it generates a random code_verifier, sends the SHA-256 hash of it as code_challenge in the authorization request, and sends the verifier itself with the code at the token endpoint. An attacker who intercepts the code cannot redeem it without the verifier. The application should also send a random state value and check it on the callback so that an attacker cannot feed it someone else's code.
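The access code flow from both the confidential and the public descriptions above, driven through the three steps listed at the start of this section, as an added Python example that is not the page's own code. It generates the PKCE verifier and challenge, checks state on the callback, redeems the single-use code, and finishes with a resource server enforcing the scope the user actually approved. The endpoint URLs, client ID, redirect URI, scopes and the user's consent are invented; the authorization server and the API are in-process functions so the whole exchange runs offline.

```python
"""Authorization code flow with PKCE and state, simulated end to end.

Added example, not the page's code. Endpoint URLs, client_id, redirect
URI and scopes are made up; the authorization server and the API are
in-process functions, so no network is involved.
"""
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_ENDPOINT = "https://auth.example.com/oauth2/authorize"  # assumed
TOKEN_ENDPOINT = "https://auth.example.com/oauth2/token"          # assumed
CLIENT_ID = "photo-printer-app"                                  # assumed
REDIRECT_URI = "https://printer.example.net/callback"             # assumed


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


# ---- application side ----------------------------------------------------
def start_authorization(scope: str):
    """Step 1: build the redirect to the authorization server and the
    per-request secrets the application must remember in its session."""
    state = secrets.token_urlsafe(16)             # anti-CSRF token for the callback
    verifier = b64url(secrets.token_bytes(32))    # PKCE code_verifier
    challenge = b64url(hashlib.sha256(verifier.encode()).digest())
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "scope": scope, "state": state,
              "code_challenge": challenge, "code_challenge_method": "S256"}
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}", {"state": state, "verifier": verifier}


def handle_callback(callback_url: str, pending: dict) -> str:
    """Step 3a: the browser comes back; reject it unless state matches."""
    q = parse_qs(urlparse(callback_url).query)
    got = q.get("state", [""])[0].encode()
    if not hmac.compare_digest(got, pending["state"].encode()):
        raise ValueError("state mismatch: possible CSRF or mixed-up session")
    if "error" in q:
        raise ValueError(f"authorization failed: {q['error'][0]}")
    return q["code"][0]


def build_token_request(code: str, verifier: str) -> dict:
    """Step 3b: redeem the code; the verifier proves we started this flow."""
    return {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
            "code_verifier": verifier}


# ---- authorization server side (simulated) -------------------------------
_issued_codes = {}   # code -> (client_id, redirect_uri, challenge, approved scope)
_access_tokens = {}  # token -> approved scope


def user_authorizes(authorize_url: str, approved_scope: str) -> str:
    """Step 2: the user consents to approved_scope, which may be narrower
    than what was asked. Returns the redirect back to the application."""
    q = parse_qs(urlparse(authorize_url).query)
    if q["redirect_uri"][0] != REDIRECT_URI:      # must be pre-registered
        raise ValueError("unregistered redirect_uri")
    code = secrets.token_urlsafe(24)
    _issued_codes[code] = (q["client_id"][0], REDIRECT_URI,
                           q["code_challenge"][0], approved_scope)
    return f"{REDIRECT_URI}?{urlencode({'code': code, 'state': q['state'][0]})}"


def exchange_code(req: dict) -> dict:
    """Token endpoint: a code is single use and must match client,
    redirect URI and the PKCE challenge it was issued with."""
    entry = _issued_codes.pop(req.get("code"), None)   # consumed even on failure
    if entry is None:
        return {"error": "invalid_grant"}
    client_id, redirect_uri, challenge, scope = entry
    expected = b64url(hashlib.sha256(req.get("code_verifier", "").encode()).digest())
    if (req.get("client_id") != client_id or req.get("redirect_uri") != redirect_uri
            or not hmac.compare_digest(expected.encode(), challenge.encode())):
        return {"error": "invalid_grant"}
    token = secrets.token_urlsafe(32)
    _access_tokens[token] = scope
    return {"access_token": token, "token_type": "Bearer", "scope": scope}


# ---- resource server side (simulated) ------------------------------------
def api_call(authorization_header: str, required_scope: str) -> int:
    """Returns an HTTP status: the token must exist and carry the scope."""
    if not authorization_header.startswith("Bearer "):
        return 401
    scope = _access_tokens.get(authorization_header[7:])
    if scope is None:
        return 401
    return 200 if required_scope in scope.split() else 403


def run_flow(requested_scope: str, approved_scope: str) -> dict:
    """Drive the whole exchange and return the token response."""
    url, pending = start_authorization(requested_scope)
    callback = user_authorizes(url, approved_scope)
    code = handle_callback(callback, pending)
    return exchange_code(build_token_request(code, pending["verifier"]))
```

Two details are deliberate: the code is removed from the server's table before the verifier is checked, so a guessed or stolen code cannot be retried, and the resource server decides from the scope stored at consent time, not from anything the application claims, which is what makes the token "restricted to what the user authorized".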

 

Difference between OAuth 2.0 and OAuth 1.0

OAuth 2.0 is an authorization framework rather than a single fixed protocol, and it is not backwards compatible with OAuth 1.0. OAuth 1.0 was designed around traditional web applications and required every request to be cryptographically signed, which proved hard to implement correctly in mobile apps and other non-browser clients. With the rapid growth of smartphones it was redesigned as OAuth 2.0, which replaced per-request signatures with bearer access tokens carried over TLS and added several grant types. Those tokens can then be used to secure communication among applications, APIs and other services.

Some of the main differences between OAuth 1.0 and OAuth 2.0 are:

OAuth 1.0 | OAuth 2.0
Every request is signed with the consumer secret and token secret (HMAC-SHA1 or RSA-SHA1), so the secrets themselves never travel over the wire. | Requests carry a bearer token that is sent as-is; keeping it confidential relies on SSL/TLS.
HTTPS is not strictly needed, because the signature protects each request. | HTTPS is needed; anyone who captures a bearer token can replay it.
Designed for web applications, with essentially one flow for every kind of client. | Separate grant types for web, mobile and native applications, APIs, and internal services between servers.
More complex to design and develop (signature base strings, nonces, timestamps, clock skew). | Less complex to design and develop; the cryptography is delegated to TLS.
Message signing gives some protection even when traffic is intercepted, at the cost of that complexity. | Simpler to use, but its security depends on correct TLS use, short-lived tokens and choosing the right flow for the client.
