Beginner's Guide to GitHub OAuth 2.0

- Shreya Prasad

Hey, my name is Shreya Prasad 👋

I'm a 

  • Final year CSE undergraduate @IGDTUW
  • GitHub Campus Expert
  • Mentor @MLH @Google Code-in
  • Microsoft Learn Student Ambassador

Twitter: @shreyacasmalert

GitHub: ShreyaPrasad1209

LinkedIn: https://www.linkedin.com/in/-shreya-prasad/

AGENDA

  • Why does OAuth exist?
  • What is OAuth?
  • Authorization vs Authentication
  • Understand the OAuth workflow
  • Why are social logins trending?
  • Get insight into GitHub OAuth in a Node.js application using Express and Axios
  • OAuth 1.0 vs OAuth 2.0

 

Why does OAuth exist?

Imagine the world without OAuth

Believe me, this is literally how things worked in the dark ages before OAuth: a third-party app asked you for your username and password for the other service, stored them, and from then on could do anything your account could do, for as long as it liked.

So what is OAuth?

  • OAuth 2.0 is an authorization framework
  • Third-party applications get limited access to a user's data hosted on another service, without the user handing their credentials to the third party
  • It is not an authentication framework: an access token says what a client may do, not who the user is

Authentication vs Authorization

  • Authentication = proving who you are (for example, login + password)
  • Authorization = permissions: what you are allowed to do. This is where OAuth comes in

How does OAuth solve the problem?

Understand OAuth Workflow

For the client (the third-party app) to access a protected resource (say, a photo in Google Drive):

  • First, the client asks the resource owner (the end user) for authorization.
  • If the resource owner approves, the client receives an authorization grant. What the grant looks like depends on the grant type the client uses (for a web app, normally an authorization code).
  • The client then requests an access token by presenting the authorization grant to the authorization server (Google's authorization server).
  • The authorization server validates the client and the grant, and issues an access token to the client.
  • The client uses the access token to access the protected resource on the resource server (Google Drive).

Why are social logins trending?

  • Eliminates the need to remember login credentials for every website visited.
  • Pre-validated email address, so there is an opportunity to reduce fake user accounts.
  • Speeds up registration: information about the user comes from the profile data returned by the social login instead of being typed in by hand.

Time to see some code!

OAuth 1.0

  • Transport independent: every request carries a signature computed over the method, URL and parameters, so the server can verify it even over plain HTTP.
  • Founded in cryptography, especially digital signatures (in practice an HMAC-SHA1 over the request, keyed with the consumer secret and token secret).

OAuth 2.0

  • Transport dependent: it relies on TLS to keep tokens confidential in transit.
  • Centered around bearer tokens: whoever presents the token gets access, so the token itself is the secret.
