OAuth2, summaries

Summary About OAuth2

I know the most of you know what is OAuth2 but some people who is starting in this ‘world’  can be a bit lost in this. So I have tried to prepare a little post which summarizes all the documentation and be a fast read for everyone. Let’s go to start.

What is a OAuth2?

OAuth2 is a authentication framework which allows third-party applications to grant access to a HTTP service for websites, mobile application or desktop applications.

This protocol has four sections which are the next ones:

Roles

This protocol has four roles:

  1. Resource Owner: Yourself
  2. Resource Server: protected data.
  3. Client: Application requesting access to a service.
  4. Authorization Server: Server gives access token to the client. This token is going to be used for the client to request the resource server.

Tokens

Tokens are random string which are generated by the authorization server and they are sent when the client requests them. There are two types:

  1. Access Token: This simple String is the most important things in this process because without it any aplication cannot connect with any of the service. It has a limited lifetime which is defined by the authorization server.
  2. Refresh Token: It is used to renewing the access token when it has expired.

Scope

It is a parameter which is used to limit access in the API and it defines the list of the available scopes.

HTTPS

This protocol requires to use of HTTPS for communication between the client and the server because that way you will have a secure transmission between the client and the server.

P.S.: Sorry for my english. I know is not good.

Tagged , ,

2 thoughts on “Summary About OAuth2

  1. Nice post. I was checking continuously this blog and I’m impressed! Extremely helpful info specifically the last part 🙂 I care for such info much. I was seeking this particular information for a very long time. Thank you and best of luck.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.