OAuth 2.0 framework – what, why and how
2019 07 12
Author: Evaldas Jurgaitis
Data security is one of the most pressing problems of today. In the age of the Internet we pay invoices online, shop online, pay for services and so on. We do not always understand or properly evaluate the security of the provider we hand our personal data to, and we often reuse the same password across different systems. If one of those providers fails to protect its data, there is a high probability that our personal data, and the reused password with it, will end up in the hands of online fraudsters.
Another problem that end users of different systems and their developers have already run into is the lack of centralised authorization. When designing each new application, the developer must protect personal data and implement user registration and login functions anew, which in practice is a considerable challenge and takes a lot of time.
OAuth2 addresses both problems by changing how traditional systems work: the user no longer hands their password to every application, and authorization is delegated to one authorization server instead of being re-implemented in every application.
However, what is OAuth 2.0 and how does it work?
OAuth2 is an authorization framework that lets a third-party application obtain limited access to a user's resources on a resource server without the user handing that application their credentials. OAuth2 works over the HTTP protocol and moves user authorization into the hands of authorization service providers (Facebook, Google, Amazon, OpenAM, etc.) that hold the user's account and, with the user's consent, authorize third-party applications to access it. OAuth2 grants access to protected resources for web applications, desktop applications and mobile devices.
From the definition we can distinguish OAuth2 roles, which must be known for further explanation of how the system works.
- Resource server – a web server that hosts a set of resources protected by the OAuth2 authorization system. An access token must be presented to obtain a resource.
- Resource owner – an entity that owns resources on a resource server and can grant access to those protected resources. When the resource owner is a person, it is referred to as an end user.
- Client – an application that, with the resource owner's permission, makes requests for protected resources. The term "client" does not imply any specific implementation characteristics (e.g. it may be an application running on a server, a desktop or another device).
- Authorization server – a web server that authenticates the resource owner, obtains their consent and issues access tokens to the client after proper authorization. Authorization server providers include Facebook, Twitter, Google, Okta and others. The authorization server may also be your own.
OAuth2 operating principle
After getting to know the roles of OAuth2, we can understand how they interact with each other.
- The resource owner (user) requests an action in the application that needs one of their resources.
- The resource owner (user) is redirected to the authorization server, authenticates there and authorizes the application to access their resources at the service.
- If the application (client) is authenticated and the authorization grant is valid, the authorization server issues an access token and returns it to the application. Authorization is complete.
- The application requests the resource from the resource server (API), presenting the access token.
- If the access token is valid, the resource server (API) returns the protected resource to the application. The resource server can verify the validity of an access token in two ways:
• it sends the access token to the authorization server for verification (token introspection);
• it checks the access token itself (for example, by verifying the signature and expiry of a self-contained token such as a JWT).
The actual operating principle of this process will vary depending on the authorization grant type used.
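The steps above, and both token-validation methods, compressed into a single process as an added example (this is illustration code, not Baltic Amadeus code or any provider's implementation). The class names, the client "photo-app", the user "alice", the scope "profile:read" and the token format (a base64url JSON body with an HMAC-SHA256 signature, standing in for a real JWT) are all assumptions made for the example. It is an authorization code grant: the code is single use, bound to the client and redirect URI, and the resource server releases data only for a valid, unexpired token whose scope covers the request.

```python
import base64, hashlib, hmac, json, secrets, time


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class AuthorizationServer:
    """Hypothetical AS: authenticates the resource owner, records consent, issues tokens."""

    def __init__(self):
        self.key = secrets.token_bytes(32)   # token signing key
        self.clients = {}                    # client_id -> (client_secret, redirect_uri)
        self.codes = {}                      # authorization code -> grant details
        self.issued = {}                     # access token -> claims (for introspection)

    def register_client(self, client_id, client_secret, redirect_uri):
        self.clients[client_id] = (client_secret, redirect_uri)

    def authorize(self, client_id, redirect_uri, scope, user):
        """Step 2: the (already authenticated) user consents to `scope` for this client.
        Returns the short-lived authorization code the browser carries back to the client."""
        _, registered_uri = self.clients[client_id]
        if redirect_uri != registered_uri:
            raise PermissionError("redirect_uri does not match the registered one")
        code = secrets.token_urlsafe(16)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "scope": scope, "sub": user, "exp": time.time() + 60}
        return code

    def token(self, client_id, client_secret, code, redirect_uri, ttl=3600):
        """Step 3: the client authenticates and exchanges the code for an access token."""
        registered_secret, _ = self.clients[client_id]
        if not hmac.compare_digest(registered_secret, client_secret):
            raise PermissionError("client authentication failed")
        grant = self.codes.pop(code, None)   # codes are single use
        if grant is None or grant["exp"] < time.time():
            raise PermissionError("invalid or expired authorization code")
        if grant["client_id"] != client_id or grant["redirect_uri"] != redirect_uri:
            raise PermissionError("code was issued to a different client or redirect_uri")
        claims = {"sub": grant["sub"], "scope": grant["scope"],
                  "aud": "profile-api", "exp": int(time.time()) + ttl}
        body = _b64(json.dumps(claims, separators=(",", ":")).encode())
        sig = _b64(hmac.new(self.key, body.encode(), hashlib.sha256).digest())
        access_token = f"{body}.{sig}"
        self.issued[access_token] = claims
        return access_token

    def introspect(self, access_token):
        """Validation method 1: the resource server asks the authorization server."""
        claims = self.issued.get(access_token)
        if claims is None or claims["exp"] < time.time():
            return {"active": False}
        return {"active": True, **claims}


class ResourceServer:
    """Hypothetical API: holds protected data, serves it only for a valid token with the right scope."""

    def __init__(self, auth_server, verify_locally):
        self.auth_server = auth_server
        self.verify_locally = verify_locally
        self.profiles = {"alice": {"email": "alice@example.com"}}   # constructed sample data

    def _claims(self, access_token):
        if not self.verify_locally:
            info = self.auth_server.introspect(access_token)
            return info if info["active"] else None
        # Validation method 2: check signature and expiry locally. With an HMAC the key is
        # shared with the AS; with an asymmetric signature only the public key would be.
        try:
            body, sig = access_token.split(".")
            expected = hmac.new(self.auth_server.key, body.encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(_unb64(sig), expected):
                return None
            claims = json.loads(_unb64(body))
        except ValueError:   # malformed token, bad base64 or invalid JSON
            return None
        return claims if claims["exp"] >= time.time() else None

    def get_profile(self, access_token):
        """Steps 4-5: returns (HTTP status, body) for a request carrying the token."""
        claims = self._claims(access_token)
        if claims is None or claims.get("aud") != "profile-api":
            return 401, {"error": "invalid_token"}
        if "profile:read" not in claims["scope"].split():
            return 403, {"error": "insufficient_scope"}
        return 200, self.profiles[claims["sub"]]


def run_flow(verify_locally=True):
    """Runs steps 1-5 end to end and returns (status, body, access_token)."""
    auth = AuthorizationServer()
    auth.register_client("photo-app", "s3cret", "https://photo.example/cb")
    api = ResourceServer(auth, verify_locally)
    # Steps 1-2: the user opens the app, is sent to the AS, logs in and consents to one scope.
    code = auth.authorize("photo-app", "https://photo.example/cb", "profile:read", "alice")
    # Step 3: the app exchanges the code for an access token.
    tok = auth.token("photo-app", "s3cret", code, "https://photo.example/cb")
    # Steps 4-5: the app calls the API with the token; the API validates it and answers.
    status, body = api.get_profile(tok)
    return status, body, tok


if __name__ == "__main__":
    print(run_flow(verify_locally=True)[:2])
    print(run_flow(verify_locally=False)[:2])
```

Running the file exercises both validation paths. The points worth noticing against a real deployment: the app never sees the user's password, the token carries only the consented scope, and the resource server (not the client) decides whether to trust the token locally or ask the authorization server. Real authorization servers also bind the code to a PKCE verifier and the redirect to a `state` value, which this example omits.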
Now that you know what OAuth is and how it works, we will discuss more of OAuth's technical nuances in later posts. Stay tuned.