Explanaton of the Oauth2 Flow in a simple real world example for hotel access key. The original idea of available on [1] [1] https://www.tbray.org/ongoing/When/201x/2013/05/24/Access-Token-Hotel-Key

1. OAuth 2.0
Simplified

2. Presented By Vanjikumaran
Image is in this Slides are taken from the internet and the base concept taken on [1]
[1] https://www.tbray.org/ongoing/When/201x/2013/05/24/Access-Token-Hotel-Key

3. On the way to Vacation!

4. And they found the HOTEL

5. HOTEL has RESOURCES

6. Security!!

7. Security!!!!!!!

8. Security!!!!!!!!!!!!!!!!!!!!!!!

9. Formal Request to HOTEL

10. VANJI’s Identity Card

11. HOTEL TOKEN

12. Finally Vanji got Access 2 * @ HOTEL

13. VANJI has access to RESOURCES

14. VANJI has access to room

15. Brid view Idea!

16. OAuth 2 Access Token
● An OAuth 2 access token is like a hotel-
room key card. It gives access, all by itself
without further checking, to a particular
resource!
● It’s issued to a particular person, who has to
be authenticated first (like by showing my
driver’s license at the check-in.)

17. OAuth 2 Access Token
● Nothing on the outside tells you who it’s
been issued to or what it’s for!
● It’s issued to a particular person, who has to
be authenticated first (like by showing my
driver’s license at the check-in.)

18. But!! 2 friends of him next to him!

19. TOM borrowed the HOTEL CARD

20. TOM has access to RESOURCES

21. TOM has access to VANJIs room

22. OAuth 2 Access Token
● It’s not encrypted, so you have to take care
of it (if a bad guy got it and knew what it was
for, he could get into my hotel room and rob
me blind.) Check.
● You can give it to someone else and have
them access the resource for you!

23. REVOKE HOTEL TOKEN!!!!!!!

24. OAuth 2 Access Token
● If you lose it, you can go back to the issuer
and get another one which is functionally
identical.
● It expires after a while.

25. READ MORE on OAuth 2.0
● http://oauth.net/2/
● http://tools.ietf.org/html/rfc6749