
Note:-: Oauth Is An

OAuth is an open standard that allows websites and applications to access a user's information from other websites without needing the user's passwords. It works by having users authorize third party applications to access their accounts, such as allowing Google, Facebook, or Twitter applications access to user profiles. The OAuth communication flow involves a user requesting a resource, being redirected to an identity provider for authentication, and then receiving an access token to let the application access the user's information from that identity provider on the user's behalf.

Uploaded by

Debesh Ghosh

OAuth is an open standard for authorization, commonly used as a way for Internet users to authorize websites or applications to access their information on other websites without giving them their passwords. This mechanism is used, for example, by Google, Facebook, Microsoft, Twitter, etc. to permit users to share information about their accounts with third-party applications or websites.

Note: OAuth is also distinct from OATH, which is a reference architecture for authentication, not a standard for authorization.

The communication flow in both processes is similar:

1. (Not pictured) The user requests a resource or site login from the application.

2. The site sees that the user is not authenticated. It formulates a request for the identity provider, encodes it, and sends it to the user as part of a redirect URL.

3. The user's browser requests the redirect URL for the identity provider, including the application's request.

4. If necessary, the identity provider authenticates the user (perhaps by asking them for their username and password).

5. Once the identity provider is satisfied that the user is sufficiently authenticated, it processes the application's request, formulates a response, and sends that back to the user along with a redirect URL back to the application.

6. The user's browser requests the redirect URL that goes back to the application, including the identity provider's response.

7. The application decodes the identity provider's response, and carries on accordingly.

8. (OAuth only) The response includes an access token which the application can use to gain direct access to the identity provider's services on the user's behalf.
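The application's side of steps 2, 6 and 7, as an added example that is not part of the original document. It assumes the OAuth 2.0 authorization code grant (parameter names from RFC 6749), where the redirect carries a one-time code that the application exchanges for the access token; the endpoints, client ID and the `session` dict are hypothetical.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Hypothetical endpoints and client registration, constructed for illustration.
AUTHORIZE_URL = "https://idp.example/authorize"
CLIENT_ID = "demo-client"
REDIRECT_URI = "https://app.example/callback"


def build_authorization_redirect(session: dict) -> str:
    """Step 2: formulate the request and encode it into a redirect URL."""
    state = secrets.token_urlsafe(32)  # unguessable value bound to this session
    session["oauth_state"] = state
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "profile",
        "state": state,
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def handle_callback(session: dict, callback_url: str) -> str:
    """Steps 6-7: decode the identity provider's response and validate it."""
    query = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replay finds nothing
    returned = query.get("state", [""])[0]
    # Reject responses that were not requested by this browser session.
    if expected is None or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError("state mismatch: response does not belong to this session")
    if "error" in query:
        raise ValueError("identity provider returned error: " + query["error"][0])
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("missing or duplicated authorization code")
    return codes[0]  # exchanged server-side for the access token of step 8
```

Without the `state` check, the application would accept any response delivered to its callback URL, including one that was issued for a different user's session.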
