I know the most of you know what is OAuth2 but some people who is starting in this ‘world’ can be a bit lost in this. So I have tried to prepare a little post which summarizes all the documentation and be a fast read for everyone. Let’s go to start.
What is a OAuth2?
OAuth2 is a authentication framework which allows third-party applications to grant access to a HTTP service for websites, mobile application or desktop applications.
This protocol has four sections which are the next ones:
This protocol has four roles:
- Resource Owner: Yourself
- Resource Server: protected data.
- Client: Application requesting access to a service.
- Authorization Server: Server gives access token to the client. This token is going to be used for the client to request the resource server.
Tokens are random string which are generated by the authorization server and they are sent when the client requests them. There are two types:
- Access Token: This simple String is the most important things in this process because without it any aplication cannot connect with any of the service. It has a limited lifetime which is defined by the authorization server.
- Refresh Token: It is used to renewing the access token when it has expired.
It is a parameter which is used to limit access in the API and it defines the list of the available scopes.
This protocol requires to use of HTTPS for communication between the client and the server because that way you will have a secure transmission between the client and the server.
P.S.: Sorry for my english. I know is not good.