OAuth 2.0
Open Authorization (OAuth) is an open standard protocol
that allows an end user’s existing account to be used to access third-party
applications without exposing the user’s password. OAuth acts as the middleman
that decides whether to allow end users access to third-party applications.
For example, say you want to access web application XYZ, and you do not
have a user account for accessing this web application. However, XYZ has
the option to allow you to log in using the credentials from a social
media website ABC. So you access the website using the social media
login.
For this to work, the application ‘XYZ’ is registered with ‘ABC’ and is an approved application. When you access XYZ, you use your user credentials for ABC. Then XYZ requests an access token from ABC on your behalf. Now you have access to XYZ. XYZ knows nothing about you and your user credentials, and this interaction is totally seamless for the user. Using secret tokens prevents a malicious application from getting your information and your data.
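The flow described above, as an added example that is not code from the original page: a constructed in-memory model of ABC in which XYZ ends up holding only a token and an unregistered application is refused. It assumes the authorization code grant, which the page does not name; the class, method names, sample account and URLs are all hypothetical.

```python
import hmac
import secrets

class AuthServerABC:
    """Constructed in-memory model of ABC, the site that holds the user's account."""

    def __init__(self):
        self.users = {"alice": "correct horse"}   # constructed sample account
        self.clients = {}   # client_id -> (client_secret, redirect_uri)
        self.codes = {}     # one-time code -> (client_id, user)
        self.tokens = {}    # access token -> user

    def register_client(self, client_id, redirect_uri):
        """XYZ registers with ABC ahead of time and receives a client secret."""
        secret = secrets.token_urlsafe(32)
        self.clients[client_id] = (secret, redirect_uri)
        return secret

    def authorize(self, client_id, redirect_uri, user, password):
        """The user logs in at ABC itself; the password is never handed to the client."""
        registered = self.clients.get(client_id)
        if registered is None or registered[1] != redirect_uri:
            raise PermissionError("unregistered client or redirect URI")
        stored = self.users.get(user, "")
        if not hmac.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("bad user credentials")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, user)
        return code

    def exchange(self, client_id, client_secret, code):
        """The client trades the one-time code plus its own secret for an access token."""
        registered = self.clients.get(client_id)
        if registered is None or not hmac.compare_digest(
                registered[0].encode(), client_secret.encode()):
            raise PermissionError("client authentication failed")
        issued_to, user = self.codes.pop(code, (None, None))  # pop: a code works once
        if issued_to != client_id:
            raise PermissionError("code invalid, reused, or issued to another client")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = user
        return token

def login_to_xyz(abc, xyz_secret, user, password):
    """Full flow: the user authenticates at ABC, and XYZ receives only a token."""
    code = abc.authorize("xyz", "https://xyz.example/callback", user, password)
    return abc.exchange("xyz", xyz_secret, code)
```

The checks worth noting are the registration lookup in `authorize`, the client secret comparison in `exchange`, and the single-use code, which together are what keep an unapproved application from obtaining a token.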