Beginner's Guide to GitHub OAuth 2.0

- Shreya Prasad

Hey, my name is Shreya Prasad 👋

I'm a

Twitter: @shreyacasmalert

GitHub: ShreyaPrasad1209

LinkedIn: https://www.linkedin.com/in/-shreya-prasad/

AGENDA

Believe me, this is how things literally worked in the dark stone ages before OAuth.

OAuth 2.0 is an Authorization framework
Third-party applications get limited access to user's data hosted on another service without credentials
It is not an Authentication framework

Authentication = login + password (who you are)
Authorization = permissions (what you are allowed to do, this is where OAuth comes in)

Understand OAuth Workflow

For the Client (third-party) to access a protected resource (google drive photo):

First, the client requests authorization from the resource owner (end user),
Let's say the resource owner (end user) approves the authorization request the client receives authorization grant depends upon the grant type method used by the client (third-party).
Then, the client (third-party) request's access token by presenting the received authorization grant to the Authorization server (Google Authentication server)

Authorization server (Google Authentication server) validates client and grant issues access token to the client (third-party)
Client (Third party) uses the access token to gain access to the protected resource in the resource server (google drive).

Eliminates need to remember login credentials for every website visited.
Pre-validated Email address, opportunity to reduce fake user accounts.
Speed up the registration process - Information about users can be quickly obtained from profile data returned by social login, instead of manually entering.

Transport Independent

Founded in cryptography, especially digital signatures

Transport Dependent

Centered around bearer tokens