OAuth is an authorization standard that allows access to protected resources like photos, videos, or documents without sharing login credentials. It uses tokens instead of passwords to grant authorization to third parties. In an example, a user Jane wants to share private photos on Faji with a printing service Beppa. Beppa obtains a consumer key and secret from Faji to access Jane's photos. Jane is redirected to Faji to approve Beppa's access, then Beppa exchanges an authorized request token for an access token to retrieve Jane's photos from Faji without her password. OAuth provides secure authorization by using time-limited tokens rather than usernames and passwords.

1. OAuth? Oaths is an authorization standard for API’s that does away with logins and passwords to grant authorization to a third-party

2. Why OAuth? Every day a new websites are launched which tie services from different sites and offer you

3. OAuth Definitions Service provider The website or web-service where the restricted resources are located User User have ‘stuff’ they don’t want to make pubic on the service provider but they do want to share it with another site Consumer The name for the application trying access the users resources Protected Resources The ‘stuff’ oauth protects and allow access. Tokens Tokens are used instead of user credentials to access resources

4. OAuth : Protocol Workflow

5. Jane wants to share some of her vacation photos with her friends. Jane uses Faji, a photo sharing site, for sharing journey photos. She signs into her faji.com account, and uploads two photos which she marks private. Using OAuth terminology Jane is the User Faji is the Service Provider. The 2 photos Jane uploaded are the Protected Resources. OAuth Example

6. Jane wants to share them with her grandmother. But grandma doesn’t have an internet connection so Jane plans to order prints and have them mailed to grandma. Being a responsible person, Jane uses Beppa, an environmentally friendly photo printing service. Using OAuth terminology, Beppais the Consumer. Beppa must use OAuth to gain access to the photos in order to print them.

7. When Beppa added support for Faji photo import, a Beppa developer known in OAuth as a Consumer Developer obtained a Consumer Key and Consumer Secret from Faji to be used with Faji’s OAuth-enabled API. Using OAuth terminology, Consumer Key Consumer secret

8. Beppa requests from Faji a Request Token. At this point, the Request Token is not User-specific, and can be used by Beppa to gain User approval from Jane to access her private photos. Using OAuth terminology, Request Token

9. When Beppa receives the Request Token, it redirects Jane to the Faji OAuth User Authorization URL with the Request Token and asks Faji to redirect Jane back once approval has been granted to http://beppa.com/order. Using OAuth terminology, Oauth User Authorization URL Call Back URL

10. After successfully logging into Faji, Jane is asked to grant access to Beppa, the Consumer. Faji informs Jane of who is requesting access (in this case Beppa) and the type of access being granted. Jane can approve or deny access.

11. Jane waits for Beppa to present her with her photos fetched from her Faji account.

12. While Jane waits, Beppa uses the authorized Request Token and exchanges it for an Access Token. Request Tokens are only good for obtaining User approval, while Access Tokens are used to access Protected Resources, in this case Jane’s photos. In the first request, Beppa exchanges the Request Token for an Access Token and in the second (can be multiple requests, one for a list of photos, and a few more to get each photo) request gets the photos. Using OAuth terminology, Access Token

13. Jane is very impressed how Beppa grabbed her photos without asking for her username and password. She likes what she sees and place the print order.

15. Credentials and tokens Oauth uses three types of credentials Client credentilas(consumer key and secret) Temporary credentials(request token and secret) Token credentilas(access token and secret) Client credentials Allows server to authenticate server Allows server to get information about the client Token credentials Token credentials are in place of username and password The client uses token credentials to access resource owner procted resource Token credentials are limited in scope and duration Temporary credentials Used to identify the authorization reuest To accommodate different clients ikedesktop,mobileerc Add extra flexibilyt and security Tokens