
Highlight about OAuth2.0

OAuth 2.0 is an open authorization protocol. Through it, your application can access the resources of the currently logged-in user, with that user's permission, from the resource server, without the user having to hand their username and password directly to your app.

OAuth defines four different roles:

1) Resource Owner (User)
The end user who uses the 'Client Application' and grants it permission to access their protected information held on the Resource Server.
2) Resource Server
Serves the protected user information, based on the access_token presented with the request.
3) Client Application
Makes requests to the Resource Server on behalf of the Resource Owner, carrying the Resource Owner's authorization.
4) Authorization Server
Issues the access_token as a response back to the 'Client Application' after successful authentication and authorization of the Resource Owner.

OAuth Workflow

[Figure: workflow of OAuth]

To access the Resource Owner's information from the Resource Server, the Client Application needs an access_token. The token is issued in exchange for proof of the Resource Owner's authorization, called the 'Authorization Grant'.

Before a client application can request access to resources on a resource server, it must first register with the authorization server associated with that resource server.
The client ID and client secret are unique to the client application on that authorization server.
Whenever the client application requests access to resources stored on that resource server, it needs to authenticate itself by sending the client ID and the client secret to the authorization server.

There are 4 types of authorization grants:
1) Authorization Code
Instead of obtaining authorization directly from the resource owner, the client directs the resource owner to an authorization server, which in turn directs the resource owner back to the client with an authorization code.

Note:- The authorization code is obtained by using the authorization server as an intermediary between the client and the resource owner.

2) Implicit
This is an optimized form of the authorization code flow, implemented in a browser using a scripting language such as JavaScript. Instead of issuing an intermediate authorization code, the authorization server returns the access_token directly to the client. It improves responsiveness and efficiency by reducing the number of round trips needed to obtain the access_token.

3) Resource Owner Password Credentials
The resource owner's username and password can be used directly as an authorization grant to obtain an access_token. This should only be used when there is a high degree of trust between the resource owner and the client.

4) Client Credentials
The client's own credentials can be used as an authorization grant when the authorization scope is limited to protected resources under the control of the client itself.

OAuth Endpoints:-
The authorization process uses two authorization server endpoints, plus the client's redirection endpoint:

1) Authorization endpoint
Located on the authorization server; this is where the resource owner grants authorization to the client application.
2) Token endpoint
The client application obtains an access token here by presenting the authorization code together with its client ID and client secret. This exchange takes place at the resource server side.
3) Redirection endpoint
Once the client application has been granted authorization at the authorization endpoint, the resource owner is redirected to the specified page of the client application.
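As an added illustration (not code from the original post), the following self-contained Python walks through the authorization code grant and the client credentials grant described above, with a toy authorization server exposing the authorization and token endpoints, a toy resource server, and a client that handles its redirection endpoint. In-memory dictionaries stand in for HTTP endpoints, `https://client.example/callback` and the user name `alice` are constructed sample values, and the scope names are made up. The checks it performs are the ones a defender expects at each step: the `redirect_uri` must match the registered one, the client must present its secret on the back channel, the `state` value must round-trip unchanged, and an authorization code is short-lived and redeemable exactly once.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urlparse


@dataclass
class RegisteredClient:
    client_id: str
    client_secret: str
    redirect_uri: str  # the client's redirection endpoint, fixed at registration


class AuthorizationServer:
    """Toy authorization server exposing the authorization and token endpoints."""
    CODE_TTL = 60  # seconds; authorization codes are meant to be short-lived

    def __init__(self, clock=time.time):
        self.clock = clock
        self.clients = {}  # client_id -> RegisteredClient
        self.codes = {}    # code -> grant record, removed on first redemption
        self.tokens = {}   # access_token -> {user, client_id, scope}

    def register_client(self, redirect_uri):
        client = RegisteredClient(secrets.token_urlsafe(8), secrets.token_urlsafe(32), redirect_uri)
        self.clients[client.client_id] = client
        return client

    def authorization_endpoint(self, params, resource_owner):
        """Front channel: resource_owner is the user who authenticated and approved the request."""
        client = self.clients.get(params.get("client_id"))
        if client is None or params.get("response_type") != "code":
            raise ValueError("invalid_request")
        if params.get("redirect_uri") != client.redirect_uri:
            raise ValueError("invalid_request: redirect_uri not registered for this client")
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": client.client_id, "redirect_uri": client.redirect_uri,
                            "scope": params.get("scope", ""), "user": resource_owner,
                            "expires": self.clock() + self.CODE_TTL}
        # Redirect back to the client's redirection endpoint with the code and the echoed state.
        return client.redirect_uri + "?" + urlencode({"code": code, "state": params.get("state", "")})

    def token_endpoint(self, form):
        """Back channel: the client authenticates with its ID and secret on every call."""
        client = self.clients.get(form.get("client_id"))
        secret = form.get("client_secret", "")
        if client is None or not hmac.compare_digest(client.client_secret, secret):
            return {"error": "invalid_client"}
        grant_type = form.get("grant_type")
        if grant_type == "authorization_code":
            record = self.codes.pop(form.get("code"), None)  # pop: a code is redeemable once
            if (record is None or record["client_id"] != client.client_id
                    or record["redirect_uri"] != form.get("redirect_uri")
                    or record["expires"] < self.clock()):
                return {"error": "invalid_grant"}
            return self._issue(record["user"], client, record["scope"])
        if grant_type == "client_credentials":
            # No resource owner involved: the token represents the client itself.
            return self._issue(None, client, form.get("scope", ""))
        return {"error": "unsupported_grant_type"}

    def _issue(self, user, client, scope):
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"user": user, "client_id": client.client_id, "scope": scope}
        return {"access_token": token, "token_type": "Bearer", "expires_in": 3600, "scope": scope}


class ResourceServer:
    """Serves protected data only for a known bearer token carrying the required scope."""
    def __init__(self, auth_server):
        self.auth_server = auth_server  # shares the token store for simplicity

    def get_profile(self, bearer_token):
        info = self.auth_server.tokens.get(bearer_token)
        if info is None or "profile" not in info["scope"].split():
            return {"error": "invalid_token"}
        return {"user": info["user"]}


def run_flows():
    """Authorization code flow, two rejected token requests, and a client credentials grant."""
    auth = AuthorizationServer()
    resource = ResourceServer(auth)
    client = auth.register_client("https://client.example/callback")  # constructed sample URI

    # 1) Client sends the resource owner to the authorization endpoint with a fresh state value.
    state = secrets.token_urlsafe(16)
    redirect = auth.authorization_endpoint(
        {"response_type": "code", "client_id": client.client_id, "redirect_uri": client.redirect_uri,
         "scope": "profile", "state": state}, resource_owner="alice")

    # 2) At its redirection endpoint the client verifies state before trusting the code.
    query = parse_qs(urlparse(redirect).query)
    if query["state"][0] != state:
        raise RuntimeError("state mismatch: redirect was not initiated by this client session")
    code = query["code"][0]

    # 3) Client exchanges the code for an access token at the token endpoint.
    token_form = {"grant_type": "authorization_code", "code": code, "redirect_uri": client.redirect_uri,
                  "client_id": client.client_id, "client_secret": client.client_secret}
    token = auth.token_endpoint(token_form)

    return {
        "profile": resource.get_profile(token["access_token"]),
        "replay": auth.token_endpoint(token_form),  # same code presented again: rejected
        "wrong_secret": auth.token_endpoint({**token_form, "client_secret": "guess"}),
        "client_credentials": auth.token_endpoint({"grant_type": "client_credentials", "scope": "stats",
                                                   "client_id": client.client_id,
                                                   "client_secret": client.client_secret}),
    }


if __name__ == "__main__":
    for step, result in run_flows().items():
        print(step, result)
```

Running the script prints the successful profile lookup for `alice`, the `invalid_grant` error for the replayed code, the `invalid_client` error for the wrong secret, and a bearer token issued under the client credentials grant with no user attached. The single-use code and the constant-time secret comparison are where a real implementation most often goes wrong, so they are the checks worth reading closely.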
