I am @arunselvakumar
Software Developer Eurofins IT Solutions
🤔
Username
Password
Set-Cookie: session-id: bdotnet; max-age: 96000Â
OAuth 2.0 and OpenID Connect are becoming industry standards for solving this problem
Simple Login (Forms & Cookies)
Single Sign-On Across Sites (SAML)
Mobile Login (???)
Delegated Authorization (???)
Connect with Google
Username
Password
accounts.google.com
Allow Yelp to access your contacts?
yelp.com/callback
Resource Owner
Client
Authorization Server
Resource Server
Authorization Grant
Redirect URI
Access Token
Connect with Google
Username
Password
accounts.google.com
Allow Yelp to access your contacts?
yelp.com/callback
Goto: Authorization Server
Redirect URI: yelp.com/callback
Response-Type: code
w
Exchange Authorization Code for Access-Token
contacts.google.com
talk to resource server with access_token
Scopes
Consent
Connect with Google
Username
Password
accounts.google.com
Allow Yelp to access your contacts?
yelp.com/callback
Goto: Authorization Server
Redirect URI: yelp.com/callback
Response-Type: code
Back to redirect URI with Authorization Code
Exchange Authorization Code for Access-Token
contacts.google.com
talk to resource server with access_token
Scope: profile contacts
http://accounts.google.com/o/oauth2/v2/auth?client_id=312370492854-3n758q04mrmd7ghtp5v37gk9pcd4ahkn.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Foauthdebugger.com%2Fdebug&scope=profile&response_type=code&response_mode=form_post&nonce=bgaep7f128
POST {tokenEndpoint}
Content-Type: application/x-www-formurlencodedÂ
Â
grant_type=authorization_code
code=4/igGq6waXM9dbMmvLG5UiOpCREKhy0EsM
client_id=312370492854-3n758q04mrmd7ghtp5v3
client_secret={clientSecret}&redirect_uri=https%3A%2F%2Foauthdebugger.com%2Fdebug
GET api.google.com/some-end-point
Authorization: Bearer kjdfirhlk093r7jhksdklcjklfkhjkvgyfas
Authorization Code
Implicit Flow
Resource Owner Password Credentials
Client Credentials
Connect with Google
Username
Password
accounts.google.com
Allow Yelp to access your contacts?
yelp.com/callback
Goto: Authorization Server
Redirect URI: yelp.com/callback
Response-Type: token
Back to redirect URI with Access Token
Simple Login (OAuth 2.0) Authentication
Single Sign-On Across Sites (OAuth 2.0) Authentication
Mobile Login (OAuth 2.0) Authentication
Delegated Authorization (OAuth 2.0) Authorization
OpenID Connect
OAuth 2.0
OpenID Connect for Authentication
OAuth 2.0 for Authorization
Connect with Google
Username
Password
accounts.google.com
Allow Yelp to access your contacts?
yelp.com/callback
Goto: Authorization Server
Redirect URI: yelp.com/callback
Response-Type: code
Back to redirect URI with Authorization Code
Exchange Authorization Code for Access-Token
accounts.google.com/userinfo
talk to resource server with access_token
Scope: openid profile
Simple Login (OpenID Connect) Authentication
Single Sign-On Across Sites (OpenID Connect) Authentication
Mobile Login (OpenID Connect) Authentication
Delegated Authorization (OpenID Connect) Authorization
DEMO