oauth tutorial - OAuth Introduction - oauth2 tutorial - oauth authentication
What is OAuth 2?
- OAuth2 is, you guessed it, the version 2 of the OAuth protocol (also called framework).
- This protocol allows third-party applications to grant limited access to an HTTP service, either on behalf of a resource owner or by allowing the third-party application to obtain access on its own behalf.
- Access is requested by a client, it can be a website or a mobile application for example. Version 2 is expected to simplify the previous version of the protocol and to facilitate interoperability between different applications.
- Specifications are still being drafted and the protocol is constantly evolving but that does not prevent it from being implemented and acclaimed by several internet giants such as Google or Facebook.
Learn OAuth 2.0 - OAuth 2.0 tutorial - OAuth approach - OAuth 2.0 examples - OAuth 2.0 programs
Roles in OAuth
OAuth2 defines 4 roles :
- Resource Owner: generally yourself.
- Resource Server: server hosting protected data (for example Google hosting your profile and personal information).
- Authorization Server: server issuing access token to the client. This token will be used for the client to request the resource server. This server can be the same as the authorization server (same physical server and same application), and it is often the case.
Learn OAuth 2.0 - OAuth 2.0 tutorial - logo of oauth2 - OAuth 2.0 examples - OAuth 2.0 programs
OAuth 2.0 Specification
- The OAuth 2.0 specification is a flexible authorization framework for the client application which acquires an access token and it can be used to authenticate a request to the API endpoint.
- OAuth 2.0 is also known as the industry-standard protocol which is used for authorization.
- OAuth 2.0 replaces application of the work done on the original OAuth 2.0 protocol created in the year 2006.
- OAuth 2.0 provided specific authorization flows for web applications, while focusing on client for desktop applications, mobile phones applications, and living room applications.
- This OAuth 2.0 specification is developed within the IETF OAuth 2.0 WG.