
A brief introduction to OAuth 2.0

OAuth 2.0 is an open-standard authorization framework (not an authentication protocol) that lets one service grant a third-party application limited access to a user's resources without handing that application the user's login credentials. Instead, the application obtains an access token, and the resource API serves a request only when it carries a valid token for the requested scope. Its defining properties are that access is delegated (the user, not the application, decides what is shared), third-party (the application and the resource server are unrelated), and scoped (a token is limited to what the user approved).




Working of OAuth 2.0

An OAuth 2.0 exchange has three steps:

  • The application asks the user for authorization, usually by redirecting the user to the authorization server.
  • The user approves (or denies) the request.
  • The application presents proof of that approval to the authorization server and receives an access token. The token is restricted to the scope the user approved for that specific application, so the API can enforce what the user actually agreed to.

There are three confidential and three public flow schemes (OAuth 2.0 calls them grant types) that let requests and data move between applications, APIs, and internal services between servers while keeping the user's credentials out of the application. Which scheme applies depends on whether the application can keep a secret:

Confidential Scheme: A confidential scheme is appropriate when an application can keep its client secret private. This is typically a web application whose back end runs on a server the developer controls: the browser talks to the application's server, and that server, never the browser, holds the secret and exchanges it for tokens. These flows therefore use the client secret to authenticate the application to the authorization server.

1.    Application flow (client credentials grant): No user is involved at any point. The application authenticates to the authorization server with its client ID and client secret and receives an access token for its own resources, which is what a service-to-service integration needs.

 

2.    Password flow (resource owner password credentials grant): The user types a username and password into the application itself, and the application sends them directly to the provider's token endpoint in exchange for an access token. Because this exposes the user's password to the application, it is only acceptable for first-party applications, and the OAuth 2.0 Security Best Current Practice deprecates it.

 

3.    Authorization code flow: The application redirects the user to a consent form served by the authorization server; if the user agrees, the server redirects back to the application with a short-lived, single-use authorization code. The application then sends the code together with its client secret to the provider's token endpoint and receives an access token. The code passes through the browser but the token does not, so the token is never exposed to the user agent.

Public Scheme: A public scheme is used when an application cannot protect the confidentiality of the client secret. This is typically the case when the program is native to a computer or phone, or runs entirely in the browser: the secret would have to be shipped on the user's device, for instance embedded in the program's source code, where anyone can extract it. These flows therefore do not rely on a client secret.

 

1.     Implicit flow: The application sends the user to the authorization server with response_type=token; once the user grants permission, the server redirects straight back to the application with the access token in the URL fragment, with no intermediate code and no token-endpoint call. Because the token is exposed in the browser (history, referrers, injected scripts), the OAuth 2.0 Security Best Current Practice deprecates this flow in favour of the authorization code flow with PKCE.

 

2.     Password flow: The same as the confidential variant, except that the public client has no secret to present. The user gives the application a username and password, and the client requests an access token directly from the token endpoint. Because the user's password is disclosed to the application, trust between the user and the application is required, and the flow is deprecated for the same reason as in the confidential case.

 

3.     Authorization code flow with PKCE: The same redirect-and-code exchange as in the confidential scheme, but since there is no client secret, the application proves it is the same party that started the flow using PKCE (RFC 7636): it generates a random code_verifier, sends the SHA-256 hash of it (the code_challenge) in the authorization request, and sends the verifier itself when redeeming the code. An attacker who intercepts the code cannot redeem it without the verifier. This is the recommended flow for native and browser-based applications.
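The following is an added example, not code from the original post: a toy authorization server and client, kept in memory so it runs offline, that walks through the application flow and the authorization code flow for both a confidential client (client secret) and a public client (PKCE). The client IDs, secrets, redirect URIs and the auth.example host are made up for the example. It enforces the checks a real server must make: redirect_uri match, state check against CSRF, single-use and expiring codes, PKCE verification, and scope enforcement at the API.

```python
import base64
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed registrations: a confidential web app that holds a secret and a
# public mobile app that holds none and must therefore use PKCE.
CLIENTS = {
    "web-app": {"secret": "s3cr3t-web", "redirect_uri": "https://web.example/cb", "public": False},
    "mobile-app": {"secret": None, "redirect_uri": "com.example.app:/cb", "public": True},
}
_issued_codes = {}  # code -> {client_id, scope, code_challenge, expires}
_tokens = {}        # access_token -> {client_id, scope, expires}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_pkce_pair():
    """Client side: random code_verifier and its S256 code_challenge (RFC 7636)."""
    verifier = _b64url(secrets.token_bytes(32))
    return verifier, _b64url(hashlib.sha256(verifier.encode()).digest())


def build_authorize_url(client_id, state, code_challenge, scope="read"):
    """Step 1: the app sends the user to the authorization endpoint."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": CLIENTS[client_id]["redirect_uri"], "scope": scope,
              "state": state, "code_challenge": code_challenge, "code_challenge_method": "S256"}
    return "https://auth.example/authorize?" + urlencode(params)


def authorize(authorize_url, user_approved=True):
    """Step 2 (server side): the user consents and the server redirects back with a code."""
    q = {k: v[0] for k, v in parse_qs(urlparse(authorize_url).query).items()}
    client = CLIENTS[q["client_id"]]
    if q["redirect_uri"] != client["redirect_uri"]:
        raise ValueError("redirect_uri mismatch")  # never redirect a code to an unregistered URI
    if not user_approved:
        return client["redirect_uri"] + "?" + urlencode({"error": "access_denied", "state": q["state"]})
    code = secrets.token_urlsafe(24)
    _issued_codes[code] = {"client_id": q["client_id"], "scope": q["scope"],
                           "code_challenge": q["code_challenge"], "expires": time.time() + 60}
    return client["redirect_uri"] + "?" + urlencode({"code": code, "state": q["state"]})


def exchange_code(redirect_back, expected_state, client_id, code_verifier, client_secret=None):
    """Step 3: the app redeems the code, proving possession of the verifier (and secret)."""
    q = {k: v[0] for k, v in parse_qs(urlparse(redirect_back).query).items()}
    if q.get("state") != expected_state:
        raise ValueError("state mismatch (possible CSRF)")
    if "error" in q:
        raise PermissionError(q["error"])
    rec = _issued_codes.pop(q["code"], None)  # single use: replaying a code fails
    if rec is None or rec["expires"] < time.time() or rec["client_id"] != client_id:
        raise ValueError("invalid or expired code")
    client = CLIENTS[client_id]
    if not client["public"] and client_secret != client["secret"]:
        raise ValueError("bad client secret")
    if _b64url(hashlib.sha256(code_verifier.encode()).digest()) != rec["code_challenge"]:
        raise ValueError("PKCE verification failed")
    return _issue_token(client_id, rec["scope"])


def client_credentials_grant(client_id, client_secret, scope="read"):
    """Application flow: no user; only a confidential client can authenticate itself."""
    client = CLIENTS[client_id]
    if client["public"] or client_secret != client["secret"]:
        raise ValueError("client authentication failed")
    return _issue_token(client_id, scope)


def _issue_token(client_id, scope):
    token = secrets.token_urlsafe(32)
    _tokens[token] = {"client_id": client_id, "scope": scope, "expires": time.time() + 3600}
    return {"access_token": token, "token_type": "Bearer", "expires_in": 3600, "scope": scope}


def resource_api(access_token, required_scope="read"):
    """The API serves a request only for a valid, unexpired token carrying the scope."""
    rec = _tokens.get(access_token)
    if rec is None or rec["expires"] < time.time():
        return 401
    if required_scope not in rec["scope"].split():
        return 403
    return 200


def run_public_client_flow():
    """End-to-end authorization code flow with PKCE for the public mobile app."""
    verifier, challenge = make_pkce_pair()
    state = secrets.token_urlsafe(16)
    back = authorize(build_authorize_url("mobile-app", state, challenge))
    token = exchange_code(back, state, "mobile-app", verifier)
    return resource_api(token["access_token"])
```

Running run_public_client_flow() returns 200; redeeming the same code twice, presenting a wrong verifier, or asking a public client for the client credentials grant all raise, which is exactly the behaviour to look for when reviewing a real authorization server.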

 

Difference between OAuth 2.0 and OAuth 1.0

OAuth 2.0 is an authorization framework rather than a single wire protocol, and neither version is an authentication protocol. OAuth 1.0 was designed for traditional server-side web applications, where every API request was signed with the client's key and secret. With the exponential growth of smartphones and APIs it was redesigned as OAuth 2.0, which drops per-request signatures in favour of bearer access tokens protected by TLS. These tokens are what allow applications, APIs, and different services to communicate securely.

Some of the main differences between OAuth 1.0 and OAuth 2.0 are:

OAuth 1.0 | OAuth 2.0
Every request is signed with the client key and secret (and token secret) | Requests carry a bearer token; no per-request signature
HTTPS is not strictly needed, because the signatures protect each request | HTTPS is required, because anyone holding the bearer token can use it
Designed for server-side web applications | Can be used in mobile applications, APIs, and internal services between servers
More complex to design and develop (signature generation and request normalization) | Less complex to design and develop
A stolen token alone is not enough; the attacker also needs the secret to sign requests | A stolen bearer token is enough, so TLS, short token lifetimes, and narrow scopes matter
