OAuth is an authorization protocol: it lets a user grant an application limited access to their account at another service without handing that application their password.
It is commonly used as the basis for "Login with X" features, and that is how we use it here: our users log in to our application via a third party such as Facebook or Google.
Our users grant us permission to access some of their account information from a 3rd party provider.
Our users provide the 3rd party with their login credentials for the 3rd party website.
If verified, the 3rd party gives our server an access token for that user.
Additionally, WE log them in to OUR application.
These are the 3 machines involved in OAuth:
Client (our user's browser)
Our Server (the application the user wants to log in to)
3rd party server (Facebook, Google, LinkedIn, ...)
Before any authentication, a developer for our server registers our application with Facebook.
We give Facebook a specific "redirect URL" (the only address Facebook will send users back to) and get a "client_id" and a "client_secret". The client_id is public; the client_secret stays on our server and is never sent to the browser.
First a client goes to our webpage. We respond with our landing page.
Then, the user clicks "Login with Facebook", which sends the browser directly to Facebook's authorization page (often in a new tab or popup), carrying our client_id and redirect URL.
Our user provides Facebook with their credentials, and authorizes OUR application to use their Facebook data.
Facebook's response redirects the client (our user's browser) to our "redirect URL" with a query parameter called the "authorization code". The code is short-lived and single-use, and on its own grants access to nothing.
Our server now sends the authorization code, client_id, and client_secret to Facebook's token endpoint. This request goes server-to-server, which is why the client_secret never has to reach the browser.
Finally, Facebook responds with an "access token", which grants our application access to our user's Facebook information (within whatever the user approved).
After all this, we can use the access token to fetch the user's profile, match it to an account on our side, and log the user into our service.
Grab a partner and try to implement this simple server:
There is a shorter reference example here:
https://github.com/jaredhanson/passport-linkedin/tree/master/examples/login
There is a longer reference example here:
https://github.com/gSchool/express-passport-linkedin-solution