oauth tutorial - What is OAuth | OAuth Overview - oauth2 tutorial - oauth authentication
What is OAuth 2.0?
- OAuth 2.0 is an open authorization protocol, which can allow accessing the resources by enabling the client applications on HTTP services
- It is a protocol which enables applications to access each other data.
- OAuth 2.0 covers different ways where a client application can obtain authorization to access the resources which is stored on the resource server.
- The diagram which is given below shows the authentication process of the OAuth 2.0
learn oauth tutorial - oauth overview - oauth example
Use of OAuth 2.0
- OAuth 2.0 is used to create an application and it enables other application to access user data.
- OAuth 2.0 is used to read data of a user from another application.
- OAuth 2.0 gives the authorization workflow for web, desktop applications, and mobile applications.
- OAuth 2.0 uses authorization code for a server side web app which is used
- OAuth 2.0 has the username and password so that it does not interact with user credentials.
Features of OAuth 2.0
- OAuth 2.0 is an open authorization protocol which is a simple protocol that allows to access resources of the user
- Instead of using the user credentials ,it accesses the data using access tokens
- OAuth 2.0 is a service that is complementary to and distinct from OpenID which is reference architecture for authentication.
- OAuth 2.0 stores data in the file system of the user such as Google Docs or Dropbox account.
Advantages of OAuth 2.0
- OAuth 2.0 is a very flexible protocol that relies on SSL (Secure Sockets Layer) to save user access token.
- OAuth 2.0 relies on SSL used to ensure cryptography industry protocols and are used to keep the data safe.
- OAuth 2.0 allows access to the user data and if the access token expire, it grants access to the user data
- OAuth 2.0 has ability to share data for users without revealing their personal information.
- OAuth 2.0 is easier to implement and provides stronger authentication to access the client web application.
Disadvantages of OAuth 2.0
- If we add more extension to the specification, it will produce a wide range of non-interoperable implementations, which means we need to write separate pieces of program for Facebook, Google, etc.
- If the sites are connected to the central and if the central account is hacked, then it will lead to serious effects over several sites.
- OAuth 2.0 is a bit more complex when compared to other possible authentication mechanisms
- In OAuth 2.0 , SSL takes time to run basic HTTP, so this will make the response time considerably slow
- The lack of encryption in OAuth 2.0 will makes the security risk fairly high