Saturday, 29 October 2016

OAuth 2.0 Introduction

In traditional client-server authentication, the client requests a protected resource on the server by providing the resource owner's credentials.

To give third-party applications access to restricted resources, the resource owner shares his credentials with the third-party application. This is not safe and might create several problems.

All these problems are solved by using OAuth. It introduces an authorization layer and separates the role of the client from that of the resource owner.

The client requests access to the protected resources, with the resource owner's grant, by using an access token.
Access tokens are issued to third-party applications by an authorization server.







Thursday, 29 September 2016

OAuth 2.0 Roles

OAuth2 Tutorial :

OAuth 2.0 defines the following roles.
  • Third Party Application
  • Resource Owner
  • Resource Server
  • Authorization Server
Third Party Application :

A client is an application that wants to access the user's account.
It must be authorized by the user, and the authorization must be validated by the API.

Resource Owner :

The resource owner is the user who authorizes the application to access their account. The access is based on the scope that was granted, such as read or write.




Resource Server : 

The resource server is the API used to access the user's details.
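
The four roles working together, as an added example that is not part of the original post: an in-memory simulation in which the authorization server issues a scoped access token and the resource server validates it before serving the user's details. The class names, the opaque-token table, the `introspect` call and the sample values (`alice`, `photo-app`) are assumptions made for illustration; OAuth 2.0 does not prescribe this design.

```python
import secrets
import time

class AuthorizationServer:
    """Issues access tokens; the only role that ever sees the owner's password."""
    def __init__(self, users):
        self._users = users    # owner -> password (constructed; real servers store hashes)
        self._tokens = {}      # token -> (owner, client_id, scopes, expires_at)

    def issue_token(self, owner, password, client_id, scopes, ttl=300):
        # The resource owner authenticates here and grants the client a scope.
        stored = self._users.get(owner)
        if stored is None or not secrets.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("resource owner authentication failed")
        token = secrets.token_urlsafe(32)   # opaque, unguessable bearer token
        self._tokens[token] = (owner, client_id, frozenset(scopes), time.time() + ttl)
        return token

    def introspect(self, token):
        entry = self._tokens.get(token)
        if entry is None or entry[3] < time.time():
            return None                     # unknown or expired
        return entry

class ResourceServer:
    """The API holding the user's details; it trusts tokens, not passwords."""
    def __init__(self, auth_server, profiles):
        self._auth = auth_server
        self._profiles = profiles

    def handle(self, token, action, owner, value=None):
        entry = self._auth.introspect(token)
        if entry is None:
            return 401, "invalid or expired token"
        token_owner, _client, scopes, _expires = entry
        if token_owner != owner or action not in scopes:
            return 403, "insufficient scope"
        if action == "write":
            self._profiles[owner] = value
        return 200, self._profiles[owner]

def demo():
    auth = AuthorizationServer({"alice": "correct horse"})
    api = ResourceServer(auth, {"alice": "alice@example.test"})
    # Third-party client "photo-app" holds only this token, granted for read.
    token = auth.issue_token("alice", "correct horse", "photo-app", {"read"})
    return [api.handle(token, "read", "alice"),
            api.handle(token, "write", "alice", "changed@example.test"),
            api.handle("forged-token", "read", "alice")]
```

The client never handles the owner's password, and a token granted for read is refused for write, so a leaked token exposes less than a leaked credential would.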