OAuth 2


OAuth 2.0 (Open Authorization 2.0) is an industry-standard protocol used for delegated authorization, allowing applications to access resources on behalf of users without sharing their credentials. It is widely used in modern web and mobile applications to enable secure, controlled access to APIs and services. Let's delve into OAuth 2.0 with an example scenario:

OAuth 2.0 Components:

1. Resource Owner (User): The user who owns the data or resources that the client application wants to access.
2. Client: The application (e.g., web app, mobile app) that requests access to the user's resources.
3. Authorization Server: Manages the authentication and authorization processes and issues access tokens to clients.
4. Resource Server: The server hosting the protected resources (e.g., APIs, data) that clients want to access.

OAuth 2.0 Workflow (Authorization Code Grant):

1. User Initiates Authorization:
• The user accesses the client application and attempts to perform an action that requires access to their resources (e.g., viewing email contacts, posting on social media).
2. Authorization Request:
• The client redirects the user to the authorization server's authorization endpoint, including parameters such as client ID, scope (requested permissions), and a redirect URI.
3. User Authentication and Consent:
• The authorization server authenticates the user and presents them with a consent screen detailing the requested permissions (scopes).
• The user approves the request, granting the client application permission to access their resources.
4. Authorization Code Grant:
• Upon user approval, the authorization server generates an authorization code and redirects the user back to the client's redirect URI along with the authorization code.
5. Access Token Request:
• The client sends a POST request to the authorization server's token endpoint, including the authorization code, client ID, client secret, redirect URI, and grant type (authorization code).
• The client authenticates itself using its client credentials (client ID and client secret).
6. Access Token Issuance:
• If the authorization code and client credentials are valid, the authorization server responds with an access token and optionally a refresh token.
7. Accessing Protected Resources:
• The client uses the access token to make authorized requests to the resource server's API endpoints.
• The resource server validates the access token and provides the requested resources if the token is valid and authorized.

Example Scenario:

Let's consider a scenario where a social media application (Client) wants to access a user's profile information (Resources) from a social media platform (Resource Server) using OAuth 2.0.

1. User Interaction:
• The user logs into the social media application and navigates to their profile settings.
2. Authorization Request:
• The social media application (Client) redirects the user to the social media platform's authorization endpoint, specifying the requested scopes (e.g., profile information access).
3. User Authentication and Consent:
• The user is prompted to log into their social media account on the authorization server (social media platform).
• The authorization server presents a consent screen detailing the requested permissions (e.g., read user profile).
• The user consents to the social media application accessing their profile information.
4. Authorization Code Grant:
• Upon user approval, the authorization server issues an authorization code and redirects the user back to the social media application with the code.
5. Access Token Request:
• The social media application sends a POST request to the authorization server's token endpoint, including the authorization code, client credentials (client ID and secret), redirect URI, and grant type (authorization code).
6. Access Token Issuance:
• The authorization server validates the request and responds with an access token.
7. Accessing Profile Information:
• The social media application uses the access token to make authorized API requests to the social media platform's profile API endpoints.
• The social media platform validates the access token and provides the user's profile information (e.g., name, email, profile picture) to the client application.

Key OAuth 2.0 Concepts:

• Scopes: Permissions requested by the client application to access specific resources or perform actions on behalf of the user (e.g., read-only access, write access).
• Redirect URIs: URLs where the authorization server redirects the user after authentication and consent, including authorization codes or tokens.
• Access Tokens: Short-lived tokens issued by the authorization server, used by clients to access protected resources.
• Refresh Tokens: Long-lived tokens used to obtain new access tokens without requiring user interaction once the access token expires.
• Client Credentials: Unique identifiers (client ID and client secret) used by clients to authenticate themselves with the authorization server.

OAuth 2.0 provides a secure and standardized framework for delegated authorization, enabling seamless and controlled access to user resources across different applications and services while protecting user credentials and privacy.
