OAuth - Unit3

Google OAuth is a secure authentication and authorization framework that allows third-party applications to access user data without sharing passwords, based on the OAuth 2.0 standard. It enables Single Sign-On (SSO) and API access management across web, mobile, and desktop applications, ensuring user privacy and data integrity. The OAuth flow involves user authentication, consent for data access, and token-based authorization, providing limited access to user data while maintaining security.

Uploaded by xiaochuuyan

Google OAuth Authentication & API Access
Secure Authentication & API Access for Web, Mobile, and Desktop Apps
What is Google OAuth?
• OAuth (Open Authorization) is a secure authentication and authorization framework.
• Allows third-party applications to access user data without sharing passwords.
• Used by Google, Facebook, GitHub, etc., for secure sign-in.
• Provides controlled access to APIs and services.
• It is based on the OAuth 2.0 standard, which is widely used for secure authentication across websites and mobile apps.
Why Use OAuth?
• Secure authentication without sharing passwords.
• Allows users to grant limited access to their data.
• Used in Single Sign-On (SSO) and API access management.
• Supports mobile, web, and desktop applications.


Introduction to Authentication
What is Authentication?
• Authentication is the process of verifying a user's identity before granting access to a system, application, or resource. It ensures that the person or entity attempting to access a system is who they claim to be.
Example:
• When you log into Gmail, you enter your email and password to verify your identity.
• If correct, Google authenticates you and allows access to your account.
Why is Authentication Important?
Security – Prevents unauthorized access to sensitive data.
User Privacy – Protects user accounts from hackers.
Data Integrity – Ensures that only authenticated users can modify or view data.
Prevents Identity Theft – Stops malicious users from impersonating others.
Example:
• Without authentication, anyone could access your email, social media, or bank account!
Authentication Methods
Authentication Type                Example                               Security Level
Password-Based                     Email, Social Media                   Weak
Two-Factor Authentication (2FA)    Gmail OTP                             Medium
Multi-Factor Authentication (MFA)  Online Banking                        High
Biometric Authentication           Face ID, Fingerprint                  High
Token-Based Authentication         Google OAuth, API login               High
Single Sign-On (SSO)               Google Login for YouTube & Drive      Medium
Certificate-Based Authentication   Digital Certificates, Aadhaar e-KYC   High
What is Authorization?
• Authorization is the process of determining what actions, resources, or data a user is allowed to access after they have been authenticated.
Key Points:
Happens After Authentication – First, the system verifies who you are (authentication), then checks what you can access (authorization).
Controls Permissions – Defines what a user can view, edit, delete, or manage.
Based on Roles & Policies – Users can have different access levels (Admin, Editor, Viewer, etc.).
Difference Between Authentication and Authorization
Feature              Authentication                          Authorization
Definition           Verifies who you are                    Determines what you can access
Purpose              Confirms identity                       Grants or denies permissions
Example              Logging in with a username & password   Accessing admin-only features
When It Happens?     First step                              Happens after authentication
Real-World Example   Showing an ID card at security          Getting permission to enter a restricted area
Example in Google OAuth:
Authentication:
• You log in with your student ID at the college gate to verify that you are a valid student.
Authorization:
• The guard asks for specific permissions (such as access to the library, gym, or classrooms) and you decide which areas you want to enter.
Where is OAuth Used?

• Single Sign-On (SSO) – 'Sign in with Google/Facebook'.

• API Access – Accessing Google Drive, Gmail, etc.

• Mobile & Web Apps – Secure login for users.

• Third-party integrations – Spotify, GitHub, PayPal, etc.


OAuth 2.0: Open Standard for Authentication
• OAuth (Open Authorization) is a widely used protocol that allows applications to authenticate users using third-party identity providers like Google, Facebook, or GitHub.
• Google OAuth is Google's implementation of OAuth 2.0, allowing users to log in to apps using their Google account.
Why use OAuth 2.0?
• Users don’t need to create new passwords for every app.
• Authentication is secure and managed by Google.
• Apps get limited access to user data instead of full control.

Simple Example for OAuth flow
OAuth 2.0 Workflow
• Step 1 – Request to Access Protected Resource
• Step 2 – Redirect to Authorization Server
• Step 3 – Request Authorization from Server
• Step 4 – User Login & Authentication
• Step 5 – User Grants Consent
• Step 6 – Authorization Code Generation & Redirection
• Step 7 – Client Requests Access Token
• Step 8 – Server Verifies & Issues Access Token
• Step 9 – Client Requests Resource with Access Token
• Step 10 – Resource Server Returns Protected Resource
• Conclusion – Display the protected Resource
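As an added example (not from the original slides), here is a minimal in-memory simulation in Python of the ten-step workflow above, with the checks a real server performs at each step: the registered redirect URI, the single-use and expiring authorization code, the client secret at the token endpoint, the state parameter on the client side, and the scope at the resource server. The client, the authorization server and the resource server are all stand-ins; every name (DemoAuthServer, run_flow, the client id, secret, scopes, user and URLs) is invented for illustration.

```python
import secrets, time
from urllib.parse import urlencode, urlparse, parse_qs
# Constructed demo client; a real client is registered with Google in advance.
CLIENT_ID, CLIENT_SECRET, REDIRECT_URI = "job-site", "s3cret-demo", "https://jobs.example/callback"
class DemoAuthServer:
    """Invented stand-in for the authorization server and the resource server."""
    def __init__(self):
        self.clients = {CLIENT_ID: (CLIENT_SECRET, REDIRECT_URI)}  # pre-registered client
        self.codes = {}    # authorization code -> what it was issued for
        self.tokens = {}   # access token -> user, scope, expiry
        self.profiles = {"alice@example.com": {"name": "Alice", "email": "alice@example.com"}}
    def authorize(self, client_id, redirect_uri, scope, state, user, consent):
        """Steps 3-6: after login and consent, issue a short-lived, single-use code."""
        if redirect_uri != self.clients[client_id][1]:   # never redirect to an unregistered URI
            raise ValueError("redirect_uri does not match the registered one")
        if not consent:
            return redirect_uri + "?" + urlencode({"error": "access_denied", "state": state})
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": client_id, "user": user, "scope": scope,
                            "redirect_uri": redirect_uri, "expires": time.time() + 60}
        return redirect_uri + "?" + urlencode({"code": code, "state": state})

    def token(self, client_id, client_secret, code, redirect_uri):
        """Steps 7-8: the backend exchanges the code plus its client secret for a token."""
        entry = self.codes.pop(code, None)                # pop: a replayed code is rejected
        if (entry is None or entry["client_id"] != client_id or entry["expires"] < time.time()
                or entry["redirect_uri"] != redirect_uri
                or not secrets.compare_digest(self.clients[client_id][0], client_secret)):
            raise PermissionError("invalid code or client authentication failed")
        tok = secrets.token_urlsafe(32)
        self.tokens[tok] = {"user": entry["user"], "scope": entry["scope"], "expires": time.time() + 3600}
        return {"access_token": tok, "token_type": "Bearer", "expires_in": 3600, "scope": entry["scope"]}

    def profile(self, bearer_token, required_scope="profile"):
        """Steps 9-10: the resource server checks the bearer token and the scope it carries."""
        t = self.tokens.get(bearer_token)
        if t is None or t["expires"] < time.time() or required_scope not in t["scope"].split():
            raise PermissionError("token invalid, expired, or missing scope " + required_scope)
        return self.profiles[t["user"]]

def run_flow(server, consent=True):
    """Client side (steps 1-2, 6-9, conclusion); returns the protected resource, or None if denied."""
    state = secrets.token_urlsafe(16)                     # CSRF guard tied to this browser session
    callback = server.authorize(CLIENT_ID, REDIRECT_URI, "profile email", state, "alice@example.com", consent)
    params = parse_qs(urlparse(callback).query)
    if params["state"][0] != state:                       # ignore callbacks this client did not start
        raise PermissionError("state mismatch")
    if "error" in params:
        return None
    tok = server.token(CLIENT_ID, CLIENT_SECRET, params["code"][0], REDIRECT_URI)
    return server.profile(tok["access_token"])
```

Running `run_flow(DemoAuthServer())` returns Alice's profile; the same code cannot be exchanged twice, and a token whose scope lacks `profile` is refused by the resource server.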


Used for Secure Access to Google Services
Google OAuth allows third-party applications to request access to Google services, such as:
• Gmail – Read and send emails.
• Google Drive – Access, upload, or manage files.
• Google Calendar – Read or modify events.
• YouTube – Manage videos, comments, and subscriptions.
Example: If a file-sharing app needs access to your Google Drive, it can request permission using OAuth instead of asking for your password.
User Grants Permission Without Sharing Passwords
• Instead of entering a username and password into a third-party app, the app redirects the user to Google’s login page.
• Google then asks the user whether they allow the app to access certain data.
• If the user grants permission, Google provides an authorization token to the app.
Example OAuth Flow:
1. You open an app and click “Sign in with Google”.
2. The app redirects you to Google’s login page.
3. You enter your Google credentials (or if already logged in, it skips this step).
4. Google shows a permission request (e.g., “Allow this app to access your Google Drive?”).
5. If you accept, Google provides a secure Access Token to the app.
6. The app can now use the token to access only the allowed Google services.
Example: Logging into a Third-Party App Using "Sign in with Google"
Scenario:
• You visit a job application website that allows signing in via Google.
• Instead of creating a new account, you click “Sign in with Google”.
• Google authenticates you and sends an authorization token to the job site.
• The job site can now access your Google profile (name, email, profile picture) without ever seeing your password.
Why is Google OAuth Important?
• Secure: Users never have to share their passwords with third-party apps.
• Convenient: One-click login using an existing Google account.
• Limited Access: Apps only get access to what users approve (e.g., read-only access to Drive, not full control).
Server-Side Web Apps (Backend Apps)
• Use Case: Web applications with a backend (e.g., Django, Flask, or Node.js).
• Example: A web app accessing Google Drive on behalf of a user.
OAuth Flow:
1. User clicks 'Sign in with Google'.
2. App redirects user to Google's OAuth server.
3. User logs in and grants permission.
4. Google sends an Authorization Code to the app.
5. Backend exchanges code for an Access Token.
6. Access Token is used to call Google APIs.
JavaScript Web Apps (Frontend-Only)
• Use Case: Web apps built with React, Angular, Vue.js.
• Example: A web app fetching user Google Calendar events.
OAuth Flow:
1. User clicks 'Sign in with Google'.
2. Google authenticates the user.
3. Access Token is returned directly to the browser.
4. The app uses the token to call Google APIs.
Mobile & Desktop Apps
• Use Case: Android, iOS, and desktop apps (Flutter, Java, Swift, Electron).
• Example: A mobile app accessing Gmail messages.
OAuth Flow:
1. App opens Google OAuth login page.
2. User logs in and grants access.
3. Google sends an Authorization Code to the app.
4. App exchanges code for an Access Token.
5. Access Token is used to access Google APIs.
• Security Note: Use PKCE and store tokens securely.
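The security note above says to use PKCE for mobile and desktop apps; as an added example (not from the original slides), the Python below shows what PKCE (RFC 7636, S256 method) adds to the authorization code flow for such public clients, which cannot keep a client secret: the app sends a SHA-256 hash of a random code_verifier when it starts the flow and reveals the verifier only when redeeming the code, so the authorization server can refuse a code presented without it. DemoPkceServer and the two redeem_* functions are invented stand-ins for illustration.

```python
import base64
import hashlib
import secrets

def make_verifier():
    """code_verifier: 43-128 unreserved chars; 32 random bytes give 43 chars of base64url."""
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")

def make_challenge(verifier):
    """code_challenge for method S256: BASE64URL(SHA256(ASCII(code_verifier))), no '=' padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

class DemoPkceServer:
    """Invented in-memory stand-in for the authorization server's PKCE handling."""
    def __init__(self):
        self.codes = {}   # authorization code -> code_challenge sent with the authorize request

    def authorize(self, code_challenge, code_challenge_method="S256"):
        """Steps 1-3 of the mobile flow: store the challenge alongside the issued code."""
        if code_challenge_method != "S256":   # 'plain' would expose the verifier in the URL
            raise ValueError("only S256 is accepted")
        code = secrets.token_urlsafe(24)
        self.codes[code] = code_challenge
        return code

    def token(self, code, code_verifier):
        """Step 4: redeem the code; only the holder of the original verifier gets a token."""
        challenge = self.codes.pop(code, None)  # single use
        if challenge is None:
            return None
        # Recompute the challenge from the presented verifier and compare in constant time.
        if not secrets.compare_digest(make_challenge(code_verifier), challenge):
            return None
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}

def redeem_with_original_verifier(server):
    """The app that started the flow keeps its verifier in memory and redeems the code."""
    verifier = make_verifier()
    code = server.authorize(make_challenge(verifier))
    return server.token(code, verifier)

def redeem_with_other_verifier(server):
    """The same code presented with any other verifier is refused, so a leaked code alone is useless."""
    code = server.authorize(make_challenge(make_verifier()))
    return server.token(code, make_verifier())
```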
