OAuth 1.0

OAuth 2.0

Introduction

A protocol about permission delegation.

• About AUTHORIZATION (Not Login)
• OAuth lets user allow an app to access a resource without sharing their password.
• Time-bound permissions.

OAuth Roles

1. Resource Owner
   • The user that owns the data
   • Example: You (Google account owner)
2. Client
   • The app that wants access.
   • Example: A website using “Login with Google”.
3. Authorization Server
   • Authenticates user and issues tokens
   • Example: Google Auth Server
4. Resource Server
   • Hosts protected APIs
   • Example: Google Drive API

// Auth server & resource server can be the same system

OAuth Flow

1. User using an Client App, login using Google.
2. Client app redirect user to AuthorizationServer to login.