OAuth 2.0 framework – what, why and how
2019 07 12 · 2 min read

Data security is one of the most pressing problems of today. In the age of the Internet we pay invoices, shop and pay for services online. We do not always evaluate the security of a service provider well, yet we hand over our personal data and reuse the same passwords across different systems. If one of those providers fails to protect its data, there is a high probability that our personal data will end up in the hands of online fraudsters.
Another problem, already familiar both to the end users of different systems and to their creators, is the lack of centralised authorization. Every new application has to protect personal data on its own and implement its own user registration and login, which in practice is a considerable challenge and takes a lot of time.
OAuth2 addresses both problems by changing how traditional systems handle login and access.
However, what is OAuth 2.0 and how does it work?
OAuth 2.0 is an authorization framework that lets a third-party application obtain limited access to a user's resources on an HTTP service without the user handing that application their password. The user's account and login stay with an authorization service provider (Facebook, Google, Amazon, OpenAM, etc.), which authorizes third-party applications to access the account on the user's behalf. OAuth2 covers web applications, desktop applications and mobile devices. Note that OAuth2 by itself delegates authorization; it does not tell the application who the user is, which is what OpenID Connect adds on top of it.
From the definition we can distinguish OAuth2 roles, which must be known for further explanation of how the system works.
Roles:
- Resource server – the server hosting the protected resources. It accepts requests for them only when a valid access token is presented.
- Resource owner – the entity that owns the resources on the resource server and can grant access to them. When the resource owner is a person, it is the end user.
- Client – the application that makes protected resource requests on behalf of the resource owner, with the resource owner's authorization. The term "client" implies nothing about where or how it runs (it may be a server-side application, a desktop program, a mobile app or another device).
- Authorization server – the server that authenticates the resource owner, obtains their authorization and issues access tokens to the client. Public providers include Facebook, Twitter, Google and Okta; the authorization server may also be your own.
OAuth2 operating principle
After getting to know the roles of OAuth2, we can understand how they interact with each other.
Chart explanation:
- The resource owner (user) asks the client application to do something with their resources.
- The client redirects the user to the authorization server, where the user authenticates and authorizes the application to access the resources held by the user's service.
- If the client is authenticated and the authorization grant is valid, the authorization server issues an access token and returns it to the application. Authorization is complete.
- The application requests the resource from the resource server (API), presenting the access token.
- If the access token is valid, the resource server (API) returns the protected resource to the application. The resource server can check the token's validity in two ways:
• it sends the access token to the authorization server for verification (token introspection), or
• it validates the token itself, which works when the token is self-contained (for example a signed JWT) and the resource server holds the key needed to verify it.
How this sequence looks in detail depends on the authorization grant type used (authorization code, client credentials and so on).
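As an added illustration, not part of the original post, here is the sequence above compressed into one runnable Python script. All four roles live in one process instead of talking over HTTP; the client ID, secret, redirect URI and user profile are made up for the example; and a toy HMAC-SHA256 token stands in for a JWT so that both verification methods, asking the authorization server and checking the token locally, can be shown side by side. The details worth noticing are the ones the flow description glosses over: the authorization code is bound to one client and redeemable once, the client must authenticate at the token endpoint, and the resource server enforces scope, not just token validity.

```python
import base64, hashlib, hmac, json, secrets, time


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


class AuthorizationServer:  # authenticates the resource owner, records consent, issues tokens
    def __init__(self, signing_key: bytes, clients: dict):
        self._key = signing_key
        self._clients = clients  # client_id -> (client_secret, redirect_uri), pre-registered
        self._codes = {}         # authorization code -> grant details, single use
        self._tokens = {}        # access token -> claims, consulted by introspect()

    def authorize(self, client_id, redirect_uri, scope, user, consent):
        """Step 2: the user has logged in here and grants (or denies) the client access."""
        reg = self._clients.get(client_id)
        if reg is None or reg[1] != redirect_uri:
            raise ValueError("unknown client or redirect_uri mismatch")
        if not consent:
            raise PermissionError("access_denied")
        code = secrets.token_urlsafe(24)
        self._codes[code] = {"client_id": client_id, "sub": user, "scope": scope, "exp": time.time() + 60}
        return code

    def token(self, client_id, client_secret, code, redirect_uri):
        """Step 3: the client authenticates and redeems the one-time code for a token."""
        reg = self._clients.get(client_id)
        if reg is None or not hmac.compare_digest(reg[0], client_secret) or reg[1] != redirect_uri:
            raise PermissionError("invalid_client")
        grant = self._codes.pop(code, None)  # pop: a code can be redeemed only once
        if grant is None or grant["client_id"] != client_id or grant["exp"] < time.time():
            raise PermissionError("invalid_grant")
        claims = {"iss": "auth.example", "sub": grant["sub"], "scope": grant["scope"],
                  "client_id": client_id, "exp": time.time() + 3600}
        token = self._sign(claims)
        self._tokens[token] = claims
        return {"access_token": token, "token_type": "Bearer", "expires_in": 3600}

    def introspect(self, token):
        """Verification method 1 (RFC 7662 style): the resource server asks us about the token."""
        claims = self._tokens.get(token)
        if claims is None or claims["exp"] < time.time():
            return {"active": False}
        return {"active": True, **claims}

    def _sign(self, claims):
        # Toy HMAC-SHA256 token standing in for a JWT: base64url(claims).base64url(mac)
        body = b64url(json.dumps(claims, sort_keys=True).encode())
        mac = b64url(hmac.new(self._key, body.encode(), hashlib.sha256).digest())
        return f"{body}.{mac}"


def verify_locally(signing_key: bytes, token: str):
    """Verification method 2: the resource server checks the token itself with the shared key."""
    try:
        body, mac = token.split(".")
        expected = b64url(hmac.new(signing_key, body.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(mac, expected):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except ValueError:  # malformed token, bad base64 or bad JSON
        return None
    return None if claims.get("exp", 0) < time.time() else claims


class ResourceServer:  # holds the protected resource, releases it only for a valid token with the right scope
    def __init__(self, auth_server, signing_key: bytes):
        self._as, self._key = auth_server, signing_key
        self._profiles = {"alice": {"name": "Alice", "email": "alice@example.test"}}  # constructed data

    def get_profile(self, authorization_header: str, mode: str = "local"):
        """Steps 4 and 5: parse 'Bearer <token>', validate it, enforce scope, serve the resource."""
        scheme, _, token = authorization_header.partition(" ")
        if scheme != "Bearer" or not token:
            raise PermissionError("invalid_request")
        if mode == "introspect":
            claims = self._as.introspect(token)
            claims = claims if claims["active"] else None
        else:
            claims = verify_locally(self._key, token)
        if claims is None:
            raise PermissionError("invalid_token")
        if "profile:read" not in claims["scope"].split():
            raise PermissionError("insufficient_scope")
        return self._profiles[claims["sub"]]


def run_flow(mode: str = "local"):
    key = secrets.token_bytes(32)  # shared between AS and RS so the RS can verify locally
    auth = AuthorizationServer(key, {"photo-app": ("s3cret", "https://photo.example/cb")})  # hypothetical client
    api = ResourceServer(auth, key)
    # Steps 1-2: the user is sent to the AS, logs in there and consents to the requested scope
    code = auth.authorize("photo-app", "https://photo.example/cb", "profile:read", "alice", consent=True)
    grant = auth.token("photo-app", "s3cret", code, "https://photo.example/cb")  # step 3: back-channel exchange
    return api.get_profile(f"Bearer {grant['access_token']}", mode=mode)  # steps 4-5: bearer call
```

`run_flow("local")` and `run_flow("introspect")` both return Alice's profile; a reused code, a token whose signature no longer matches its body, or a token whose scope does not cover `profile:read` is refused. The shared HMAC key is a simplification: real providers sign tokens with an asymmetric key so the resource server only needs the public half, and real clients add `state` and PKCE to the redirect step.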
Now that you know what OAuth2 is and how it works, we will discuss its technical nuances in future posts. Stay tuned.