• Tue Dec 17, 2024

Understanding OAuth 2.0

OAuth 2.0 is an authorization framework that allows third-party services to exchange web resources on behalf of a user. It's a safer and more secure way for users to give apps access to their data without exposing their passwords.

Key Components

  • Resource Owner: The user who authorizes an application to access their account.
  • Client: The application that wants to access the user's account. The client must be authorized by the user.
  • Authorization Server: The server that authenticates the Resource Owner and issues access tokens to the Client.
  • Resource Server: The server hosting the protected resources. This server accepts and responds to protected resource requests using access tokens.

Roles

OAuth 2.0 defines four roles:

  1. Resource Owner
  2. Client
  3. Authorization Server
  4. Resource Server

Authorization Grant

The application requests authorization to access service resources from the user. If the user authorized the request, the application receives an authorization grant.

 

GET /authorize?response_type=code&client_id=CLIENT_ID&redirect_uri=CALLBACK_URL&scope=read HTTP/1.1 Host: server.example.com 

 

Access Token

With the authorization grant, the application can request an access token from the authorization server. The application includes the authorization grant in the request.

POST /token HTTP/1.1 Host: server.example.com Content-Type: application/x-www-form-urlencoded grant_type=authorization_code&code=AUTHORIZATION_CODE&redirect_uri=CALLBACK_URL&client_id=CLIENT_ID 

Accessing Protected Resources

The application accesses protected resources by presenting the access token to the resource server. The resource server validates the access token and serves the request.

GET /resource HTTP/1.1 Host: server.example.com Authorization: Bearer ACCESS_TOKEN 

In Essence

OAuth 2.0 is a powerful authorization framework that enables applications to secure delegated access to server resources on behalf of the user. It standardizes the way that applications request and receive access tokens, which are used to authenticate API requests.

Sticky Menu
COLOR SKINS
COLOR SCHEMES