The document discusses OAuth 2.0 as a delegated authorization standard, highlighting its core components such as resource owners, clients, and authorization servers. It outlines necessary security practices, common OAuth flows, and pitfalls to avoid in order to maintain user privacy and security. Additionally, it provides examples of real-world applications, notably using Google OAuth 2.0.

1. - By Swati Wanjari

5. Earlier Practices

6. Simple Login: Form-based Authentication

7. Single-Sign-On : SAML (Security Assertion Markup
Language)

8. Delegated
Authorization

9. Earlier Solutions for Delegated Authorization

10. Need Of OAuth?

11. Security API Integration

12. Solution

13. Core
Components
of OAuth 2.0
•Resource owner (you)
•Client (the website you are visiting)
•Resource server / Authorization Server
(Google)

14. OAuth 2.0
in Action

16. Concept 1: OAuth is about authorization, not
authentication

17. Concept 2: Website won’t obtain your confidential
information

19. • Token required for getting
user’s Google resource
• Short-lived and periodically
expires
Access token
• Token for getting
a new access
token, when the
previous access
token expires.
User’s permission
is not required
during this
process
Refresh token

20. Authorization Code

21. Implicit Flow

22. Client Credentials
Flow

24. • Always Use HTTPS
• Use Short-Lived Tokens
• Avoid Implicit Flow for Sensitive Apps
• Use Scopes Wisely

25. Common Pitfalls to Avoid
• Exposing Access Tokens in URLs
• Failing to Rotate Secrets
• Not Validating Scopes Properly

26. Recap
- What OAuth 2.0 is and why it’s important.
- Key components of the OAuth architecture.
- The most common OAuth 2.0 flows.
- A real-world example using Google OAuth 2.0.
- Security best practices and common pitfalls."