Explanation of the OAuth 2 flow using a simple real-world example: a hotel room access key. The original idea is available at [1].
[1] https://www.tbray.org/ongoing/When/201x/2013/05/24/Access-Token-Hotel-Key
2. Presented By Vanjikumaran
The images in these slides are taken from the internet, and the base concept is taken from [1].
16. OAuth 2 Access Token
● An OAuth 2 access token is like a hotel-room key card. It gives access, all by itself without further checking, to a particular resource!
● It’s issued to a particular person, who has to be authenticated first (like by showing my driver’s license at the check-in.)
17. OAuth 2 Access Token
● Nothing on the outside tells you who it’s been issued to or what it’s for!
22. OAuth 2 Access Token
● It’s not encrypted, so you have to take care of it (if a bad guy got it and knew what it was for, he could get into my hotel room and rob me blind.) Check.
● You can give it to someone else and have them access the resource for you!
24. OAuth 2 Access Token
● If you lose it, you can go back to the issuer and get another one which is functionally identical.
● It expires after a while.
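The key-card properties from slides 16 to 24, as an added Python sketch that is not part of the original slides or of [1]. The names FrontDesk and open_door, the guest credential, the room numbers and the in-memory token store are all assumptions made for illustration.

```python
import secrets
import time


class FrontDesk:
    """Toy token issuer (hypothetical; stands in for the hotel check-in desk)."""

    def __init__(self, guests, ttl=3600):
        self._guests = guests   # constructed credential table: name -> secret
        self._ttl = ttl         # token lifetime in seconds
        self._tokens = {}       # token -> {"sub", "scope", "exp"}

    def issue(self, name, secret, scope, now=None):
        """Authenticate the guest first, then hand out an opaque token."""
        now = time.time() if now is None else now
        expected = self._guests.get(name)
        if expected is None or not secrets.compare_digest(expected, secret):
            raise PermissionError("authentication failed")
        # Random string: nothing in it says who it was issued to or what for.
        token = secrets.token_urlsafe(32)
        self._tokens[token] = {"sub": name, "scope": scope, "exp": now + self._ttl}
        return token

    def lookup(self, token, now=None):
        """Return the issuer-side record, or None if unknown or expired."""
        now = time.time() if now is None else now
        record = self._tokens.get(token)
        if record is None or now >= record["exp"]:
            return None
        return record


def open_door(desk, token, room, now=None):
    """Toy resource check: decides on the token alone and never asks who
    is presenting it, which is why a lost or copied token must be protected."""
    record = desk.lookup(token, now)
    return record is not None and record["scope"] == room


if __name__ == "__main__":
    desk = FrontDesk({"alice": "drivers-licence"}, ttl=60)   # constructed data
    key = desk.issue("alice", "drivers-licence", "room-412", now=1000)
    print(open_door(desk, key, "room-412", now=1010))   # any holder gets in
    print(open_door(desk, key, "room-412", now=1060))   # expired
    new_key = desk.issue("alice", "drivers-licence", "room-412", now=1100)
    print(new_key != key, open_door(desk, new_key, "room-412", now=1110))
```
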
25. READ MORE on OAuth 2.0
● http://oauth.net/2/
● http://tools.ietf.org/html/rfc6749