Saturday, 29 October 2016

OAuth 2.0 Introduction

In traditional client-server authentication, the client requests a protected resource on the server by providing the resource owner's credentials.

To give third-party applications access to restricted resources, the resource owner has to share his credentials with the third-party application. This is not safe and can create several problems.

OAuth solves all these problems. It introduces an authorization layer and separates the role of the client from that of the resource owner.

The client requests access to the protected resources, with the resource owner's grant, by presenting an access token.
Access tokens are issued to third-party applications by an authorization server.
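
The role separation described above, as an added sketch that is not code from the original post: a toy in-memory authorization server issues a token after the resource owner authenticates to it, and the resource server accepts only that token. It goes slightly beyond the text by giving the token a scope and lifetime (as RFC 6749 defines access tokens) and by showing revocation; all class names, the `photos:read` scope and the sample data are assumptions.

```python
import secrets
import time

class AuthorizationServer:
    """Toy in-memory authorization server (all names here are assumptions)."""
    def __init__(self, owners):
        self._owners = owners   # username -> password; a real server stores salted hashes
        self._tokens = {}       # token -> (owner, client_id, scopes, expiry)

    def grant(self, username, password, client_id, scopes, ttl=3600):
        # The resource owner authenticates here, never to the client.
        known = self._owners.get(username)
        if known is None or not secrets.compare_digest(known.encode(), password.encode()):
            raise PermissionError("resource owner authentication failed")
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (username, client_id, frozenset(scopes), time.time() + ttl)
        return token

    def introspect(self, token):
        entry = self._tokens.get(token)
        if entry is None or entry[3] <= time.time():
            return None         # unknown, revoked or expired
        return entry

    def revoke(self, token):
        self._tokens.pop(token, None)

class ResourceServer:
    """Holds the protected resources; accepts tokens, never passwords."""
    def __init__(self, auth_server, photos):
        self._auth = auth_server
        self._photos = photos   # owner -> file names (constructed sample data)

    def get_photos(self, token):
        entry = self._auth.introspect(token)
        if entry is None or "photos:read" not in entry[2]:
            raise PermissionError("invalid token or missing scope")
        return self._photos[entry[0]]

def demo():
    auth = AuthorizationServer({"alice": "correct horse"})
    rs = ResourceServer(auth, {"alice": ["beach.jpg"]})
    token = auth.grant("alice", "correct horse", "print-app", ["photos:read"])
    photos = rs.get_photos(token)      # the client presents only the token
    auth.revoke(token)                 # owner withdraws this one client's access
    try:
        rs.get_photos(token)
        return photos, False
    except PermissionError:
        return photos, True            # revoked token is rejected
```

The third-party application (`print-app`) only ever holds the token, so revoking it cuts off that one client without the resource owner changing a password.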