OAuth
Objectives
- Draw and explain the OAuth data flow
- Identify use-cases for OAuth
- Implement OAuth using Passport
What is OAuth
OAuth is a authentication protocol.
It allows our users to login to our applications via a third party such as Facebook or Google
What is OAuth
Our users grant us permission to access some of their account information from a 3rd party provider.
What is OAuth
Our users provide the 3rd party with their login credentials for the 3rd party website.
What is OAuth
If verified, the 3rd party gives our server an access token for that user.
Additionally, WE log them in to OUR application.
OAuth Flow
Client
Our Server
3rd party server
These are the 3 machines involved in OAuth
OAuth Flow
Client
Our Server
3rd party server
Before any authentication, a developer for our server registers with Facebook.
We provide Facebook with a specific "redirect URL" and get a "client_id" and a "client_secret"
OAuth Flow
Client
Our Server
3rd party server
First a client goes to our webpage. We respond with our landing page.
OAuth Flow
Client
Our Server
3rd party server
Then, a user clicks "Login with Facebook" which sends a request directly to FB, often in a new tab.
OAuth Flow
Client
Our Server
3rd party server
Our user provides Facebook with their credentials, and authorizes OUR application to use their Facebook data.
OAuth Flow
Client
Our Server
3rd party server
Facebook's response redirects the client (our user) to our "redirect URL" and provides a query-parameter called an "authentication code".
OAuth Flow
Client
Our Server
3rd party server
Our server now provides the authentication code, client_id, and client_secret to Facebook.
OAuth Flow
Client
Our Server
3rd party server
Finally, Facebook responds with an "Authorization Token" which grants our application access to our users Facebook information
OAuth Flow
Client
Our Server
3rd party server
After all this, we can log the user into our service.
You Try!
Grab a Mini-Whiteboard and draw the OAuth flow.
Compare Notes
Discuss your drawing with a fellow student!
Why OAuth?
How to OAuth
Grab a partner and try to implement this simple server:
How to OAuth
There is a shorter reference example here:
https://github.com/jaredhanson/passport-linkedin/tree/master/examples/login
How to OAuth
There is a longer reference example here:
https://github.com/gSchool/express-passport-linkedin-solution
OAuth
By Tyler Bettilyon
