What is OAuth???

• OAuth is an open standard for authorization. OAuth 2.0 is the latest and most widely used form of OAuth
• It allows people to authorize applications to access another application on their behalf
• Let us understand this more by an example
  • Imagine you subscribed to an application greet.com in which you can make custom greetings/posters.
  • Now once you build a greeting/poster , you would want to send this to your friends and families
  • There is another application contactlist.com where you have maintained all your contacts
  • These are 2 different applications

• Therefore how can greet.com application / website access the contact list from contactlist.com?
• Providing id and password to greet.com app to fetch details from contactlist.com is absolutely not a good idea
• Moreover you want greet.com to only fetch the contacts of a particular group and not all other details that you have stored

• OAuth helps to solve this problem by enabling greet.com to obtain limited access to your contact list for a certain period of time without giving away your password.

At a high level this is the process flow for greet.com to access the contacts of a user from contactlist.com application

• OAuth is not an authentication protocol and it is an authorization framework. It is not about authenticating the user , its a way to obtain a token to get access to a resource
• We see the application of these on almost all of the modern web applications . Example

• Goal is to allow an app to access a user’s data without giving the password.
• Applications which follow OAuth Specs understand how to communicate and obtain the access token which cannot be tampered,
• OAuth Specs defines the OAuth flow and process .
• In the next post , i will share details of what those flows are key terminologies of OAuth that you need to understand.

Do share your comment and feedback

Thank you !!!