- OAuth is an open standard for authorization. OAuth 2.0 is the latest and most widely used version of OAuth.
- It allows people to authorize one application to access another application on their behalf.
- Let us understand this better with an example.
- Imagine you subscribed to an application, greet.com, in which you can make custom greetings/posters.
- Once you have built a greeting/poster, you want to send it to your friends and family.
- There is another application, contactlist.com, where you maintain all your contacts.
- These are two different applications.
- So how can the greet.com application/website access the contact list from contactlist.com?
- Giving your contactlist.com ID and password to the greet.com app so it can fetch details from contactlist.com is not a good idea.
- Moreover, you want greet.com to fetch only the contacts of a particular group, not all the other details you have stored.
- OAuth solves this problem by enabling greet.com to obtain limited access to your contact list for a certain period of time without giving away your password.
At a high level, this is the process flow for greet.com to access a user's contacts from the contactlist.com application.
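To make the flow concrete, here is an added Python simulation (not code from the original post) of the greet.com / contactlist.com scenario: contactlist.com issues a token that is limited to one contact group and one time window, and its resource endpoint rejects requests outside that grant, forged tokens, and expired tokens. The server key, the token format, the scope string `contacts.read:<group>` and the contact data are all constructed for this example.

```python
import base64, hashlib, hmac, json, secrets, time
from typing import Optional

# Constructed demo: contactlist.com is both authorization and resource server,
# greet.com is the client. The user's contactlist.com password never reaches greet.com.
SERVER_KEY = secrets.token_bytes(32)  # contactlist.com's token-signing key (constructed)
CONTACTS = {"family": ["mom@example.com"], "work": ["boss@example.com"]}  # constructed data

def _sign(payload: bytes) -> str:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()

def issue_token(user: str, client_id: str, scope: str, ttl: int, now: float) -> str:
    """contactlist.com mints a scoped, expiring token after the user consents."""
    claims = {"sub": user, "aud": client_id, "scope": scope, "exp": now + ttl}
    payload = json.dumps(claims, sort_keys=True).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)

def verify_token(token: str, now: float) -> Optional[dict]:
    """Return the claims, or None if the token is malformed, altered or expired."""
    try:
        b64, sig = token.split(".")
        payload = base64.urlsafe_b64decode(b64)
    except ValueError:  # wrong shape or undecodable payload
        return None
    if not hmac.compare_digest(_sign(payload), sig):
        return None  # signature mismatch: payload or signature was altered
    claims = json.loads(payload)
    if claims["exp"] <= now:
        return None  # access was granted only for a limited period
    return claims

def fetch_contacts(token: str, group: str, now: float) -> Optional[list]:
    """Resource endpoint: only the group named in the token's scope is readable."""
    claims = verify_token(token, now)
    if claims is None or claims["scope"] != f"contacts.read:{group}":
        return None  # no valid token, or the token was not granted for this group
    return CONTACTS.get(group, [])

if __name__ == "__main__":
    t0 = time.time()
    # The user approves greet.com to read only the 'family' group for one hour.
    token = issue_token("alice", "greet.com", "contacts.read:family", 3600, t0)
    print(fetch_contacts(token, "family", t0))         # ['mom@example.com']
    print(fetch_contacts(token, "work", t0))           # None: outside the granted scope
    print(fetch_contacts(token, "family", t0 + 4000))  # None: token expired
```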
- OAuth is not an authentication protocol; it is an authorization framework. It is not about authenticating the user, it is a way to obtain a token that grants access to a resource.
- We see this applied on almost all modern web applications. Example:
- The goal is to allow an app to access a user's data without being given the password.
- Applications that follow the OAuth specs understand how to communicate and obtain the access token, which cannot be tampered with.
- The OAuth specs define the OAuth flows and processes.
- In the next post, I will share details of what those flows are and the key terminologies of OAuth that you need to understand.
Do share your comment and feedback
Thank you !!!