- OAuth is an open standard for authorization. OAuth 2.0 is the latest and most widely used form of OAuth
- It allows people to authorize applications to access another application on their behalf
- Let us understand this better with an example.
- Imagine you subscribed to an application greet.com in which you can make custom greetings/posters.
- Now, once you build a greeting/poster, you would want to send it to your friends and family.
- There is another application contactlist.com where you have maintained all your contacts
- These are two different applications.
- So how can the greet.com application/website access the contact list from contactlist.com?
- Handing your contactlist.com ID and password to the greet.com app so that it can fetch your details is absolutely not a good idea.
- Moreover, you want greet.com to fetch only the contacts of a particular group, and not all the other details you have stored there.
- OAuth helps to solve this problem by enabling greet.com to obtain limited access to your contact list for a certain period of time without giving away your password.
At a high level, this is the process flow for greet.com to access a user's contacts from the contactlist.com application:
- OAuth is not an authentication protocol; it is an authorization framework. It is not about authenticating the user, it is a way to obtain a token that grants access to a resource.
- We see OAuth applied on almost all modern web applications. Example:
- Goal is to allow an app to access a user’s data without giving the password.
- Applications which follow the OAuth specs understand how to communicate and obtain the access token, which cannot be tampered with.
- The OAuth specs define the OAuth flows and process.
- In the next post, I will share details of what those flows are and the key OAuth terminology that you need to understand.
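As an added example (not code from the original post), here is a small Python simulation of the idea above: contactlist.com's authorization server issues greet.com a signed token limited to one contact group and one hour, and contactlist.com's resource server checks signature, expiry and scope before returning any contacts, while greet.com never holds the user's password. The names, the token format and the contact data are assumptions made for this demo; real OAuth 2.0 deployments use their own token formats (often JWTs) and the wire protocol described in the specs.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo data for contactlist.com: contacts kept in groups, as in the post.
CONTACTS = {"family": ["mom@example.com", "dad@example.com"], "work": ["boss@example.com"]}
# Constructed signing key held only by contactlist.com; greet.com never sees it.
SIGNING_KEY = b"contactlist-demo-signing-key"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user: str, client: str, scope: str, ttl: int, now: int) -> str:
    """Authorization server: after the user consents on contactlist.com, mint a
    token naming the client, the granted scope and an expiry. The HMAC over the
    claims lets the resource server detect any edit to them (assumed format)."""
    claims = {"sub": user, "client": client, "scope": scope, "exp": now + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def get_contacts(token: str, group: str, now: int):
    """Resource server: greet.com presents the token; contactlist.com checks
    signature, expiry and scope before returning anything. Returns (contacts, reason)."""
    parts = token.split(".")
    if len(parts) != 2:
        return None, "malformed token"
    body, sig = parts
    expected = _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return None, "signature mismatch: token was altered"
    claims = json.loads(_unb64(body))
    if now >= claims["exp"]:
        return None, "token expired"
    # Scope "contacts.read:<group>" limits access to that one group only.
    if f"contacts.read:{group}" not in claims["scope"].split():
        return None, f"scope does not cover group '{group}'"
    return list(CONTACTS.get(group, [])), "ok"


def widen_scope(token: str, new_scope: str) -> str:
    """Simulates a client editing its own token's scope; the old signature no longer matches."""
    body, sig = token.split(".")
    claims = json.loads(_unb64(body))
    claims["scope"] = new_scope
    return f"{_b64(json.dumps(claims, sort_keys=True).encode())}.{sig}"
```

Run it with `issue_token("alice", "greet.com", "contacts.read:family", 3600, now)` and then call `get_contacts` for the "family" and "work" groups, after expiry, and with a token returned by `widen_scope`, to see each check refuse access.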
Do share your comments and feedback.
Thank you!!!