OAuth - Unit3
Secure Authentication & API Access for Web, Mobile, and Desktop Apps
What is Google OAuth?
• OAuth (Open Authorization) is a secure authentication and authorization
framework.
• It is based on the OAuth 2.0 standard, which is widely used for secure
authentication across websites and mobile apps.
Why Use OAuth?
Two-Factor Authentication (2FA) | Gmail OTP | Medium
Multi-Factor Authentication (MFA) | Online Banking | High
Biometric Authentication | Face ID, Fingerprint | High
Authentication:
• You log in with your student ID at the college gate to verify that you
are a valid student.
Authorization:
• The guard asks for specific permissions (such as access to the library,
gym, or classrooms) and you decide which areas you want to enter.
Where is OAuth Used?
• Limited Access: Apps only get access to what users approve (e.g.,
read-only access to Drive, not full control).
Server-Side Web Apps (Backend Apps)
• Use Case: Web applications with a backend (e.g., Django, Flask, or
Node.js).
• Example: A web app accessing Google Drive on behalf of a user.
OAuth Flow:
1. User clicks 'Sign in with Google'.
2. App redirects user to Google's OAuth server.
3. User logs in and grants permission.
4. Google sends an Authorization Code to the app.
5. Backend exchanges code for an Access Token.
6. Access Token is used to call Google APIs.
JavaScript Web Apps (Frontend-Only)
• Use Case: Web apps built with React, Angular, Vue.js.
• Example: A web app fetching user Google Calendar events.
OAuth Flow:
1. User clicks 'Sign in with Google'.
2. Google authenticates the user.
3. Access Token is returned directly to the browser.
4. The app uses the token to call Google APIs.
Mobile & Desktop Apps
• Use Case: Android, iOS, and desktop apps (Flutter, Java, Swift, Electron).
• Example: A mobile app accessing Gmail messages.
OAuth Flow:
1. App opens Google OAuth login page.
2. User logs in and grants access.
3. Google sends an Authorization Code to the app.
4. App exchanges code for an Access Token.
5. Access Token is used to access Google APIs.
• Security Note: Use PKCE and store tokens securely.
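The PKCE part of the mobile and desktop flow above, as an added example that is not from the original slides: the app creates a one-time verifier, sends only its SHA-256 challenge in the login URL (step 1), and reveals the verifier when exchanging the code (step 4), after checking that the redirect carries the `state` it issued. The client ID is a placeholder, and the loopback redirect URI, the Gmail read-only scope and the function names are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
CLIENT_ID = "EXAMPLE_CLIENT_ID.apps.googleusercontent.com"  # placeholder
REDIRECT_URI = "http://127.0.0.1:8765/callback"  # assumed loopback redirect
SCOPE = "https://www.googleapis.com/auth/gmail.readonly"  # limited access

def pkce_challenge(verifier):
    """S256 challenge (RFC 7636): BASE64URL(SHA256(verifier)), no padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def start_login():
    """Return (per-login secrets kept in app memory, URL to open)."""
    session = {
        "verifier": secrets.token_urlsafe(64),  # 86 chars, allowed: 43..128
        "state": secrets.token_urlsafe(32),     # binds the redirect to us
    }
    query = urlencode({
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "scope": SCOPE,
        "state": session["state"],
        "code_challenge": pkce_challenge(session["verifier"]),
        "code_challenge_method": "S256",
    })
    return session, f"{AUTH_ENDPOINT}?{query}"

def token_request(session, callback_url):
    """Validate the redirect, then build (not send) the code-exchange form."""
    params = parse_qs(urlparse(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), session["state"].encode()):
        raise ValueError("state mismatch: redirect is not for this login")
    if "error" in params or "code" not in params:
        raise ValueError("authorization denied or no code returned")
    # This form is what the app would POST to https://oauth2.googleapis.com/token
    return {
        "grant_type": "authorization_code",
        "code": params["code"][0],
        "code_verifier": session["verifier"],
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
    }
```

Because the verifier never leaves the app until the exchange, an authorization code intercepted from the redirect cannot be redeemed by another app on the device.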