What is Oauth?
Oauth stands for open authorization. Mainly used for authorization mechanism.
Oauth is a protocol that allows a 3rd party website to access user information. Here user does not need to share credentials.
For example, when you access some applications, it asks to authenticate through “google” or “facebook” login. This is Oauth.
Oauth uses authorization token instead of a password, to give identity.
Oauth version 2.0 is the latest one.
Oauth 2.0 works for web applications, thick client applications, and mobile applications.
How Oauth works?
Consider there are two websites; Site1 and Site2 & user name is “tester”.
Step1: Site1 want to access user “tester’s” information/data from site2.
Step2: “tester” ask site1 to access site2. User “tester” is redirected to site2 and there “tester” confirms site2 to give information/data access to site1.
Step3: Site2 redirect the “tester” to site1 with authorisation token.
Step4: Site1 shares the authorisation token with secret code with site2.
Step5: Site2 sends security token to site1.
Step6: Site1 sends request to site2 on behalf of user “tester” by using security token.
What are the advantages of using Oauth?
• It works for non-web client applications also
• Easy to implement
• More secure
This article covers only the concept; how OAuth works, how one site gives access to another site without asking credentials, what are the benefits of using OAuth.