An introduction to OAuth 2.0.
Thread 🧵👇
OAuth (Open Authorization) is an authorization standard that allows applications to access resources hosted by other web applications on behalf of the user.
An example is logging in to an app via your Google or Facebook account.
Your credentials are never disclosed to the third-party app: instead of a password, the app receives an access token scoped to what you allowed.
OAuth 2.0 does not define a particular access token format, but JSON Web Tokens (JWTs) are commonly used.
These tokens contain authorization information representing a user's access to a specific resource.
OAuth 2.0 defines four roles, and each one is an essential part of the framework.
Let’s look at each role 👇
1. Resource Owner
This is the user or system that owns the protected resource and can grant access to it using the OAuth 2.0 authorization standards.
2. Client
The system that is requesting access to the protected resource. The client must provide the appropriate token to gain access.
3. Authorization Server
This server issues access tokens to clients who request access to a resource.
Access tokens are issued after successful authentication and consent by the resource owner.
4. Resource Server
This is where protected resources are located.
Resource servers receive client access requests, validate the access token presented, and deliver the requested resource only if the token checks out.
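As an added example, not part of the thread: a minimal Python model of the authorization server issuing an HS256-signed JWT access token and the resource server validating it (signature, issuer, audience, expiry and scope) before releasing a resource. The secret, issuer and audience values are constructed placeholders; real deployments typically use asymmetric keys and a vetted JWT library rather than hand-rolled code.

```python
# Added example (not from the thread): authorization server mints an HS256 JWT,
# resource server validates it. Secret/issuer/audience are constructed placeholders.
import base64
import hashlib
import hmac
import json
from typing import Optional

SECRET = b"constructed-demo-secret"   # shared AS/RS secret (demo only)
ISSUER = "https://auth.example"       # placeholder authorization server
AUDIENCE = "https://api.example"      # placeholder resource server

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(subject: str, scope: str, now: int, ttl: int = 3600) -> str:
    """Authorization-server side: mint a signed access token for the client."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iss": ISSUER, "aud": AUDIENCE, "sub": subject,
              "scope": scope, "exp": now + ttl}
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"

def validate_token(token: str, required_scope: str, now: int) -> Optional[dict]:
    """Resource-server side: accept only a well-formed, correctly signed,
    unexpired token meant for this audience that carries the needed scope.
    Returns the claims on success, None on any failure."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:                     # bad structure, padding or JSON
        return None
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return None
    if header.get("alg") != "HS256":       # pin the algorithm; never trust "none"
        return None
    expected = hmac.new(SECRET, f"{header_b64}.{body_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        return None
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None
    if required_scope not in str(claims.get("scope", "")).split():
        return None
    return claims
```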
Thanks for reading! Follow @Rapid_API for more exclusive content. 🐙💙