Oauth 2.0

Introduction to Oauth 2, oauth2 overview
Published in: Technology
Transcript

  • 1. OAuth 2.0. By Manish Singh
  • 2. What is OAuth?
    - The "valet key" for the web.
    - An authorization framework for granting a third-party app restricted access to a user's resources.
    - The user never hands their password to the third party.
    - Requires user consent in most cases (the client credentials grant is the exception, since no user is involved).
    - Lets different applications or servers share user data.
    - Today's systems need to work together by sharing application-specific data and information.
  • 3. Who uses OAuth?
    - Facebook, Google, Twitter, Microsoft, Flickr, Yahoo! and many more internet giants.
  • 4. Scenarios for OAuth
    - Facebook became popular because of third-party apps and games; all of them need some kind of access to your profile.
    - Similar third-party apps exist for Twitter and others.
    - Example: you can publish your LinkedIn status on Twitter at the same time.
    - Many sites let you log in with your Facebook, Google or Twitter account. (Strictly, OAuth 2.0 is an authorization protocol; "login with" builds identity on top of it, which is what OpenID Connect standardizes. An access token alone proves that some user consented, not who the current user is.)
  • 5. OAuth 2.0 terminology
    - Resource Server (resource provider): the web site or web services API that holds the user's protected data and accepts access tokens.
    - Authorization Server: the server that issues access tokens to the client after authenticating the resource owner and obtaining their authorization.
    - User (Resource Owner): a member of the resource provider who wants to share certain resources with a third-party app.
  • 6. Continued…
    - Client (consumer application): typically a web or mobile application that wants to access the user's protected resources.
    - Client credentials: the client ID and client secret (OAuth 1.0 called them consumer key and consumer secret) used to authenticate the client to the authorization server. Only a server-side client can keep the secret confidential; a browser or mobile app cannot.
    - Tokens: the access token the authorization server issues on the client's request; the client presents it to access the portion of the user's data covered by the granted scope.
  • 7. High-level flow of OAuth 2.0
    - The third-party app developer (the client) registers with the OAuth service provider (Facebook etc.).
    - They can then add their apps there and receive an app key/secret (client ID and client secret) for each registered app, along with the redirect URL(s) the provider is allowed to send responses to.
    - Whenever the user uses an app, it asks the user's permission to access some of their personal data.
    - If the user approves, a token is issued to the client app for a limited time.
    - The client uses the token to access the resource.
  • 8. Example of Twitter OAuth
  • 9. OAuth 2.0 flows
    - Based on the kind of app and the use case there are multiple flows (grant types) in OAuth 2.0. Some of the widely used ones are:
    - Authorization Code Grant: used when the app is server-side and needs the user's consent to access their data. The browser only ever sees a short-lived, single-use code; the client exchanges it for the token at the token endpoint, authenticating with its secret.
    - Implicit Grant: for client-side apps (HTML5 or JavaScript based) that need user consent; the access token is returned directly in the redirect URL fragment. Current OAuth 2.0 security guidance recommends the authorization code grant with PKCE for such apps instead, because a token in the URL is exposed to browser history, referrers and page scripts.
    - Client Credentials Grant: used when the app acts on its own behalf with its client ID and secret and no user consent is required.
  • 10. OAuth 2.0 request parameters
    - client_id
    - client_secret (used in the authorization code flow and the client credentials flow; sent only to the token endpoint, never through the browser)
    - redirect_uri (must match what was registered with the provider)
    - scope (optional)
    - response_type (authorization endpoint) / grant_type (token endpoint)
    - state: an unguessable value the client generates per request and checks on the callback, so that a response can only be accepted by the session that started it (CSRF protection)
  • 11. Auth Code Grant Flow
  • 12. Implicit Grant Flow
  • 13. Client Credentials Flow
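The slides above describe the authorization code and client credentials flows and the request parameters; the following is an added example (not from the presentation or any real provider) that plays both sides of those two flows offline. The client and the authorization server are plain Python objects that call each other in place of HTTPS requests; the client ID, secret, endpoint URLs and scopes are constructed placeholders. It shows the three checks a practitioner looks for: exact redirect_uri matching, a one-time authorization code, and the client verifying state before exchanging a code.

```python
# Added example: offline simulation of the OAuth 2.0 authorization code grant
# and client credentials grant. Method calls stand in for HTTPS requests; the
# identifiers below are assumed/constructed values, not a real provider's.
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

CLIENT_ID = "demo-client"                              # assumed registration values
CLIENT_SECRET = "demo-secret-do-not-reuse"
REDIRECT_URI = "https://client.example/callback"
AUTHORIZE_ENDPOINT = "https://auth.example/authorize"


def query_dict(url):
    """Parse a URL's query string into a flat dict (first value per key)."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


class AuthorizationServer:
    """Minimal in-memory authorization server: one registered client, one-time codes, bearer tokens."""

    def __init__(self):
        self.codes = {}    # code -> (client_id, redirect_uri, scope)
        self.tokens = {}   # access_token -> scope

    def authorize(self, params, user_approved):
        """Authorization endpoint: return the redirect URL the user's browser is sent back to."""
        if params.get("response_type") != "code" or params.get("client_id") != CLIENT_ID:
            raise ValueError("unknown client or response_type")
        if params.get("redirect_uri") != REDIRECT_URI:
            # Exact match against the registered URI; never redirect to an unregistered location.
            raise ValueError("redirect_uri does not match registration")
        if not user_approved:
            return REDIRECT_URI + "?" + urlencode({"error": "access_denied", "state": params["state"]})
        code = secrets.token_urlsafe(24)
        self.codes[code] = (CLIENT_ID, REDIRECT_URI, params.get("scope", ""))
        return REDIRECT_URI + "?" + urlencode({"code": code, "state": params["state"]})

    def token(self, grant_type, client_id, client_secret, code=None, redirect_uri=None):
        """Token endpoint: authenticate the client, then exchange a code or issue app-only access."""
        if client_id != CLIENT_ID or not hmac.compare_digest(client_secret, CLIENT_SECRET):
            return {"error": "invalid_client"}
        if grant_type == "authorization_code":
            entry = self.codes.pop(code, None)       # pop: a code can be exchanged once only
            if entry is None or entry[1] != redirect_uri:
                return {"error": "invalid_grant"}
            scope = entry[2]
        elif grant_type == "client_credentials":
            scope = "app:stats"                      # app acts for itself; no resource owner
        else:
            return {"error": "unsupported_grant_type"}
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = scope
        return {"access_token": access_token, "token_type": "Bearer", "expires_in": 3600, "scope": scope}


class Client:
    """Server-side web app; keeps the pending state value in the user's session."""

    def __init__(self, server):
        self.server = server
        self.pending_state = None

    def authorization_url(self, scope):
        self.pending_state = secrets.token_urlsafe(16)   # unguessable, bound to this session
        return AUTHORIZE_ENDPOINT + "?" + urlencode({
            "response_type": "code", "client_id": CLIENT_ID,
            "redirect_uri": REDIRECT_URI, "scope": scope, "state": self.pending_state})

    def handle_callback(self, redirect_url):
        q = query_dict(redirect_url)
        expected, self.pending_state = self.pending_state, None   # state is consumed either way
        if expected is None or not hmac.compare_digest(q.get("state", ""), expected):
            raise ValueError("state mismatch: callback was not started by this session (CSRF)")
        if "error" in q:
            raise PermissionError(q["error"])
        # In a real deployment this is an HTTPS POST to the token endpoint carrying the secret.
        return self.server.token("authorization_code", CLIENT_ID, CLIENT_SECRET,
                                 code=q["code"], redirect_uri=REDIRECT_URI)


def run_authorization_code_flow(user_approved=True):
    server = AuthorizationServer()
    client = Client(server)
    request = query_dict(client.authorization_url("profile:read"))   # browser follows this URL
    callback = server.authorize(request, user_approved)              # user consents at the provider
    return client.handle_callback(callback)


def run_client_credentials_flow():
    return AuthorizationServer().token("client_credentials", CLIENT_ID, CLIENT_SECRET)


def forged_callback_is_rejected():
    """A callback delivered by an attacker with a code but a guessed state must not be exchanged."""
    client = Client(AuthorizationServer())
    client.authorization_url("profile:read")
    forged = REDIRECT_URI + "?" + urlencode({"code": "attacker-code", "state": "guess"})
    try:
        client.handle_callback(forged)
    except ValueError:
        return True
    return False


def code_is_single_use():
    """Replaying an already-exchanged authorization code must fail with invalid_grant."""
    server = AuthorizationServer()
    client = Client(server)
    callback = server.authorize(query_dict(client.authorization_url("profile:read")), True)
    first = client.handle_callback(callback)
    replay = server.token("authorization_code", CLIENT_ID, CLIENT_SECRET,
                          code=query_dict(callback)["code"], redirect_uri=REDIRECT_URI)
    return "access_token" in first and replay == {"error": "invalid_grant"}


if __name__ == "__main__":
    print(run_authorization_code_flow())
    print(run_client_credentials_flow())
    print(forged_callback_is_rejected(), code_is_single_use())
```

The state value is generated per request and cleared as soon as a callback arrives, whether or not it matches, so a single session can never accept two callbacks for one request; the server pops the code on exchange for the same reason. A real client would also send a PKCE code_verifier with the exchange and bind the token request to TLS, which this offline simulation leaves out.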
  • 14. OAuth 2.0 advantages
    - Integration of third-party apps with any site: a win-win for the OAuth provider and app developers.
    - With OAuth 2.0, access can be granted for a limited scope or duration.
    - Users never need to give their password to a third-party site.
  • 15. OAuth 2.0 drawbacks
    - Writing an authorization server is somewhat complex.
    - Interoperability issues: each provider's OAuth deployment is specific to it, so a Facebook token can be used only with Facebook APIs.
    - Users can unknowingly grant access to far too much of their personal profile data, which can then be misused.
    - Bad implementations cause security issues in OAuth 2.0 deployments; the usual culprits are loose redirect URL validation, a missing state check and tokens leaking through URLs.
  • 16. Thank you. Presentation by Manish Singh. Website: http://immanish4u.com. Email: immanish4u@gmail.com