OAuth 2.0 Tutorial
Selected Reading
- OAuth 2.0 - Discussion
- OAuth 2.0 - Useful Resources
- OAuth 2.0 - Quick Guide
- OAuth 2.0 - IANA Considerations
- OAuth 2.0 - Extensibility
- Accessing a Protected Resource
- Obtaining an Access Token
- OAuth 2.0 - Client Credentials
- OAuth 2.0 - Architecture
- OAuth 2.0 - Overview
- OAuth 2.0 - Home
Selected Reading
- Who is Who
- Computer Glossary
- HR Interview Questions
- Effective Resume Writing
- Questions and Answers
- UPSC IAS Exams Notes
OAuth 2.0 - Overview
OAuth 2.0 - Overview
What is OAuth 2.0?
OAuth is an open authorization protocol, which allows accessing the resources of the resource owner by enabpng the cpent apppcations on HTTP services such as Facebook, GitHub, etc. It allows sharing of resources stored on one site to another site without using their credentials. It uses username and password tokens instead.
OAuth 2.0 is developed by the IETF OAuth Working Group, pubpshed in October 2012.
Why Use OAuth 2.0?
You can use OAuth 2.0 to read data of a user from another apppcation.
It supppes the authorization workflow for web, desktop apppcations, and mobile devices.
It is a server side web app that uses authorization code and does not interact with user credentials.
Features of OAuth 2.0
OAuth 2.0 is a simple protocol that allows to access resources of the user without sharing passwords.
It provides user agent flows for running cpents apppcation using a scripting language, such as JavaScript. Typically, a browser is a user agent.
It accesses the data using tokens instead of using their credentials and stores data in onpne file system of the user such as Google Docs or Dropbox account.
Advantages of OAuth 2.0
OAuth 2.0 is a very flexible protocol that repes on SSL (Secure Sockets Layer that ensures data between the web server and browsers remain private) to save user access token.
OAuth 2.0 repes on SSL which is used to ensure cryptography industry protocols and are being used to keep the data safe.
It allows pmited access to the user s data and allows accessing when authorization tokens expire.
It has abipty to share data for users without having to release personal information.
It is easier to implement and provides stronger authentication.
Disadvantages of OAuth 2.0
If you are adding more extension at the ends in the specification, it will produce a wide range of non-interoperable implementations, which means you have to write separate pieces of code for Facebook, Google, etc.
If your favorite sites are connected to the central hub and the central account is hacked, then it will lead to serious effects across several sites instead of just one.