Ashok Kumar N, profile picture
Uploaded byAshok Kumar N
PPTX, PDF151 views

O auth

OAuth 2.0 is an authorization framework that allows third-party applications to obtain limited access to a user's data on another service, either on behalf of the user by facilitating an approval interaction or by obtaining access on its own behalf. It addresses the issue of sharing user credentials by introducing an authorization layer and separating the client from the resource owner. The client requests access to resources controlled by the resource owner and hosted by the resource server, and is issued a token rather than the user's credentials.

Embed presentation

Download to read offline
OAuth 2.0 codesnippet.in
Introduction  The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.  OAuth addresses issue of sharing resource owner’s credentials to access protected resources by introducing an authorization layer and separating the role of the client from that of the resource owner.  In OAuth, the client requests access to resources controlled by the resource owner and hosted by the resource server, and is issued a different set of credentials than those of the resource owner.  The client obtains an access token -- a string denoting a specific scope, lifetime, and other access attributes. Access tokens are issued to third-party clients by an authorization server with the approval of the resource owner. The client uses the access token to access the protected resources hosted by the resource server.
Terminology  Access token - A token used to access protected resources.  Authorization code - An intermediary token generated when a user authorizes a client to access protected resources on their behalf.The client receives this token and exchanges it for an access token.  Authorization server - A server which issues access tokens after successfully authenticating a client and resource owner, and authorizing the request.  Client - An application which accesses protected resources on behalf of the resource owner (such as a user).The client could be hosted on a server, desktop, mobile or other device. Client Id and Client secret  Grant - A grant is a method of acquiring an access token.  Resource server - A server which sits in front of protected resources (for example “tweets”, users’ photos, or personal data) and is capable of accepting and responding to protected resource requests using access tokens.  Resource owner -The user who authorizes an application to access their account.The application’s access to the user’s account is limited to the “scope” of the authorization granted (e.g. read or write access).  Scope - A permission.
Grant flow
Client Credentials Grant token_type expires_in access_token grant_type | client_id | client_secret | scope
Authorization Grant response_type| client_id | redirect_uri | scope | state code | state grant_type | client_id | client_secret | redirect_uri | code token_type | expires_in | access_token | refresh_token
Password Grant grant_type| client_id | client_secret | scope | username |password token_type | expires_in | access_token | refresh_token
ImplicitGrant response_type| client_id | redirect_uri | scope | state token_type | expires_in | access_token | state
O auth

More Related Content

PPTX
OAuth2 Presentaion
byBhargav Surimenu
 
PPTX
Introduction to OAuth2
bySean Whitesell
 
PDF
Spring security oauth2
byaxykim00
 
PPTX
Apache Airavata Credential Store
bysmarru
 
PPT
Grid security
byjosephineusha
 
DOCX
Existing system
bymadhukarreddy007
 
PPT
Mashing Up with User-centric Identity
bykkjjkevin03
 
PPTX
Iam sso-questioner
byThangaraj Narayanan, TOGAF
 
OAuth2 Presentaion
byBhargav Surimenu
 
Introduction to OAuth2
bySean Whitesell
 
Spring security oauth2
byaxykim00
 
Apache Airavata Credential Store
bysmarru
 
Grid security
byjosephineusha
 
Existing system
bymadhukarreddy007
 
Mashing Up with User-centric Identity
bykkjjkevin03
 
Iam sso-questioner
byThangaraj Narayanan, TOGAF
 

Similar to O auth

PPTX
OAuth2 Implementation Presentation (Java)
byKnoldus Inc.
 
PPTX
OAuth2 + API Security
byAmila Paranawithana
 
PPTX
Oauth2 and OWSM OAuth2 support
byGaurav Sharma
 
PDF
Stateless Auth using OAuth2 & JWT
byGaurav Roy
 
PDF
Stateless Auth using OAUTH2 & JWT
byMobiliya
 
PPTX
OAuth 2
byChrisWood262
 
PDF
Demystifying OAuth 2.0
byKarl McGuinness
 
PDF
Spring Security
byKnoldus Inc.
 
PPTX
(1) OAuth 2.0 Overview
byanikristo
 
PPTX
An introduction to OAuth 2
bySanjoy Kumar Roy
 
PPTX
Microservice security with spring security 5.1,Oauth 2.0 and open id connect
byNilanjan Roy
 
PPTX
O auth 2.0 authorization framework
byJohn Temoty Roca
 
PDF
OAuth2
bySPARK MEDIA
 
PDF
oauth-for-credentials-security-in-rest-api-access
byidsecconf
 
PDF
When and Why Would I use Oauth2?
byDave Syer
 
PDF
Spring4 security oauth2
byaxykim00
 
PDF
Spring4 security oauth2
bySang Shin
 
PDF
ConFoo 2015 - Securing RESTful resources with OAuth2
byRodrigo Cândido da Silva
 
PDF
Draft Ietf Oauth V2 12
byVishal Shah
 
PDF
Oauth2.0
byiratao
 
OAuth2 Implementation Presentation (Java)
byKnoldus Inc.
 
OAuth2 + API Security
byAmila Paranawithana
 
Oauth2 and OWSM OAuth2 support
byGaurav Sharma
 
Stateless Auth using OAuth2 & JWT
byGaurav Roy
 
Stateless Auth using OAUTH2 & JWT
byMobiliya
 
OAuth 2
byChrisWood262
 
Demystifying OAuth 2.0
byKarl McGuinness
 
Spring Security
byKnoldus Inc.
 
(1) OAuth 2.0 Overview
byanikristo
 
An introduction to OAuth 2
bySanjoy Kumar Roy
 
Microservice security with spring security 5.1,Oauth 2.0 and open id connect
byNilanjan Roy
 
O auth 2.0 authorization framework
byJohn Temoty Roca
 
OAuth2
bySPARK MEDIA
 
oauth-for-credentials-security-in-rest-api-access
byidsecconf
 
When and Why Would I use Oauth2?
byDave Syer
 
Spring4 security oauth2
byaxykim00
 
Spring4 security oauth2
bySang Shin
 
ConFoo 2015 - Securing RESTful resources with OAuth2
byRodrigo Cândido da Silva
 
Draft Ietf Oauth V2 12
byVishal Shah
 
Oauth2.0
byiratao
 

Recently uploaded

PPT
This-Project-Demonstrates-How-to-Create.ppt
byjayasuryanexinfo
 
PDF
Code, Coins and Collaboration: How Open Source Shapes Modern Finance.
byDavid Okononfua
 
PDF
Navigating SEC Regulations for Crypto Exchanges Preparing for a Compliant Fut...
byzak jasper
 
PPTX
Reimagining Service with AI Voice Agents | Webinar
byCEPTES Software
 
PPTX
Binance Smart Chain Development Guide.pptx
bylakshubadai
 
PDF
From Boroughs to Browsers: Naresh Ramaiya’s Digital Journey
bynareshramaiyaus
 
PDF
Constraints First - Why Our On-Prem Ticketing System Starts With Limits, Not ...
bySpirit Face
 
PDF
Cloud-Based Underwriting Software for Insurance
byInsurance Tech Services
 
PPTX
Managed Splunk Partner vs In-House: Cost, Risk & Value Comparison
byssuser6ab5a5
 
PPTX
#15 All About Anypoint MQ - Calicut MuleSoft Meetup Group
bycalicutmulesoftmeetu
 
PDF
Blueprint to build quality before the code exists - StackConnect Milan 2025
byLudovicoBesana1
 
PDF
Cybersecurity Alert- What Organisations Must Watch Out For This Christmas Fes...
byCybernetic Global Intelligence
 
PDF
SecureChain AI (SCAI) Token – Smart Contract Security Audit Report by EtherAu...
byEtherAuthority
 
PDF
INTRODUCTION TO DATABASES, MYSQL, MS ACCESS, PHARMACY DRUG DATABASE.pdf
bylikudas9861
 
PPTX
NSF Converter Software to Convert NSF to PST, EML, MSG
byNSF Converter Software
 
PDF
nsfconvertersoftwaretoconvertNSFtoPST.pdf
byNSF Converter Software
 
PDF
Imed Eddine Bouchoucha | computer engineer | software Architect
byImed Bouchoucha
 
PDF
IT Estate Modernization: Transform Your Infrastructure for the Future .pdf
byAstuteBusiness
 
PDF
Data structure using C :UNIT-I Introduction to Data structures and Stacks BCA...
byKuvempu University
 
PDF
Advanced Prompt Engineering: The Art and Science
byMaxim Salnikov
 
This-Project-Demonstrates-How-to-Create.ppt
byjayasuryanexinfo
 
Code, Coins and Collaboration: How Open Source Shapes Modern Finance.
byDavid Okononfua
 
Navigating SEC Regulations for Crypto Exchanges Preparing for a Compliant Fut...
byzak jasper
 
Reimagining Service with AI Voice Agents | Webinar
byCEPTES Software
 
Binance Smart Chain Development Guide.pptx
bylakshubadai
 
From Boroughs to Browsers: Naresh Ramaiya’s Digital Journey
bynareshramaiyaus
 
Constraints First - Why Our On-Prem Ticketing System Starts With Limits, Not ...
bySpirit Face
 
Cloud-Based Underwriting Software for Insurance
byInsurance Tech Services
 
Managed Splunk Partner vs In-House: Cost, Risk & Value Comparison
byssuser6ab5a5
 
#15 All About Anypoint MQ - Calicut MuleSoft Meetup Group
bycalicutmulesoftmeetu
 
Blueprint to build quality before the code exists - StackConnect Milan 2025
byLudovicoBesana1
 
Cybersecurity Alert- What Organisations Must Watch Out For This Christmas Fes...
byCybernetic Global Intelligence
 
SecureChain AI (SCAI) Token – Smart Contract Security Audit Report by EtherAu...
byEtherAuthority
 
INTRODUCTION TO DATABASES, MYSQL, MS ACCESS, PHARMACY DRUG DATABASE.pdf
bylikudas9861
 
NSF Converter Software to Convert NSF to PST, EML, MSG
byNSF Converter Software
 
nsfconvertersoftwaretoconvertNSFtoPST.pdf
byNSF Converter Software
 
Imed Eddine Bouchoucha | computer engineer | software Architect
byImed Bouchoucha
 
IT Estate Modernization: Transform Your Infrastructure for the Future .pdf
byAstuteBusiness
 
Data structure using C :UNIT-I Introduction to Data structures and Stacks BCA...
byKuvempu University
 
Advanced Prompt Engineering: The Art and Science
byMaxim Salnikov
 

O auth

  • 1.
  • 2.
    Introduction  The OAuth2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.  OAuth addresses issue of sharing resource owner’s credentials to access protected resources by introducing an authorization layer and separating the role of the client from that of the resource owner.  In OAuth, the client requests access to resources controlled by the resource owner and hosted by the resource server, and is issued a different set of credentials than those of the resource owner.  The client obtains an access token -- a string denoting a specific scope, lifetime, and other access attributes. Access tokens are issued to third-party clients by an authorization server with the approval of the resource owner. The client uses the access token to access the protected resources hosted by the resource server.
  • 3.
    Terminology  Access token- A token used to access protected resources.  Authorization code - An intermediary token generated when a user authorizes a client to access protected resources on their behalf.The client receives this token and exchanges it for an access token.  Authorization server - A server which issues access tokens after successfully authenticating a client and resource owner, and authorizing the request.  Client - An application which accesses protected resources on behalf of the resource owner (such as a user).The client could be hosted on a server, desktop, mobile or other device. Client Id and Client secret  Grant - A grant is a method of acquiring an access token.  Resource server - A server which sits in front of protected resources (for example “tweets”, users’ photos, or personal data) and is capable of accepting and responding to protected resource requests using access tokens.  Resource owner -The user who authorizes an application to access their account.The application’s access to the user’s account is limited to the “scope” of the authorization granted (e.g. read or write access).  Scope - A permission.
  • 4.
  • 5.
  • 6.
    Authorization Grant response_type| client_id | redirect_uri |scope | state code | state grant_type | client_id | client_secret | redirect_uri | code token_type | expires_in | access_token | refresh_token
  • 7.
    Password Grant grant_type| client_id | client_secret |scope | username |password token_type | expires_in | access_token | refresh_token
  • 8.
    ImplicitGrant response_type| client_id | redirect_uri | scope| state token_type | expires_in | access_token | state