Disclaimer: this is not a training doc, but my attempt to understand OAuth in plain English or with visual aids. Any suggestions are welcome. See this as published personal notes.
Thoughtworks gave an awesome overview:
"OAuth is an open-source specification for building a framework for allowing a third-party app (the “client”) to access protected resources from another application (the “provider,” or “resource owner”) at the request of a “user” of the client app. OAuth allows the user to enter his user credentials (ex. username and password) only to the provider app, which then grants the client app permission to view the protected resources on behalf of the user."
There are a few "players" here.
The third-party app: say, a newly launched startup app in beta, a Facebook for dating called F-Book
The user: you, an aspiring bachelor with a dream
The provider: Facebook, which has your profile and friend list
When you want to log onto F-Book for the first time, you don't want to give an untested app your favorite password. You see the option to use Facebook login instead.
You choose that. A familiar blue popup shows up and asks for your Facebook username and password. Hooray, you do this every day.
Click login. The popup disappears and you are directed to F-Book, which now has your profile picture and your friend list (it tells you which friends have already joined), and you can now start to use F-Book! Voila.
Actually, there was another step after you used your Facebook credentials to sign in: Facebook asks whether you are sure you want to grant F-Book access to your profile and friend list. You say okay or skip. If you skip, you will likely get a 404 from F-Book (oops, something went wrong). If you grant access, Facebook secretly sends a token over to F-Book and says: okay F-Book, you can now communicate with me. Remember to send over this token when you want to retrieve information about this particular user. Remember to send over your app API token too, because I want to know you are F-Book for reals, not knockoff-FBook.
Now F-Book can use APIs like getUserProfilePic() and getUserFriendList(). Facebook pukes out a JSON, and everyone's happy.
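The checks the provider makes in that story, as an added example that is not part of the original post. It follows the post's simplified model rather than the real OAuth wire protocol (no redirects or authorization codes), and the Provider class, its method names and all data are hypothetical.

```python
import hmac
import secrets

class Provider:
    """Toy provider (Facebook in the post). Names and data are constructed."""
    def __init__(self):
        self.users = {"bachelor": {"password": "constructed-pw", "profile_pic": "me.jpg",
                                   "friend_list": ["ann", "bo"]}}
        self.clients = {}  # client_id -> client secret (the post's "app API token")
        self.tokens = {}   # access token -> (client_id, username, granted scopes)

    def register_client(self, client_id):
        return self.clients.setdefault(client_id, secrets.token_urlsafe(32))

    def login_and_consent(self, client_id, username, password, scopes, approve):
        """Runs in the provider's popup, so the client app never sees the password."""
        user = self.users.get(username)
        if user is None or not hmac.compare_digest(user["password"].encode(), password.encode()):
            raise PermissionError("bad credentials")
        if client_id not in self.clients or not approve:
            return None  # user skipped consent: no token is issued
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (client_id, username, frozenset(scopes))
        return token

    def api_get(self, client_id, client_secret, token, field):
        """Return a field only if app identity, token binding and scope all check out."""
        expected = self.clients.get(client_id)
        if expected is None or not hmac.compare_digest(expected.encode(), client_secret.encode()):
            raise PermissionError("unknown or unauthenticated app")
        grant = self.tokens.get(token)
        if grant is None or grant[0] != client_id:
            raise PermissionError("token was not issued to this app")
        if field not in grant[2]:
            raise PermissionError("scope not granted by the user")
        return self.users[grant[1]][field]

def demo():
    fb = Provider()
    fbook_secret = fb.register_client("f-book")
    knockoff_secret = fb.register_client("knockoff-fbook")
    token = fb.login_and_consent("f-book", "bachelor", "constructed-pw", ["friend_list"], True)
    results = {"friends": fb.api_get("f-book", fbook_secret, token, "friend_list")}
    for label, args in [("knockoff", ("knockoff-fbook", knockoff_secret, token, "friend_list")),
                        ("out_of_scope", ("f-book", fbook_secret, token, "profile_pic"))]:
        try:
            fb.api_get(*args)
        except PermissionError as exc:
            results[label] = str(exc)
    return results
```

The user token alone is not enough: the knockoff app is rejected even with a valid token, and F-Book itself is rejected for data the user did not grant.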
Of course, this isn't quite how it works, but you get the idea. I have grossly omitted important details about security and how secret and public keys work. I wrote this post because every time someone asks me about OAuth, my initial thought is always that I know nothing. But the reality is, since it has been popularly adopted all over the place, I have seen many manifestations of OAuth: Twitter, Facebook logins, Google Plus logins, GitHub (SSH secret keys), Yahoo YQL, Google Maps.