reading-notes

Class 301.15

Notes

Readings

What is OAuth

  1. What is OAuth?

    OAuth is an open standard authorization protocol that allows users to share access to their resources on one site with another site, without sharing their login credentials.

  2. Give an example of what using OAuth would look like.

    An example is logging into a website using your Google or Facebook account. The user logs in with Google or Facebook, which authenticates them, and then the website gets an access token to access information from the user’s Google or Facebook account.

  3. How does OAuth work? What are the steps that it takes to authenticate the user?

    The steps OAuth takes to authenticate a user are:

    • User initiates a transaction on Site 1 that needs access to Site 2
    • Site 1 asks for an unauthorized request token from Site 2
    • Site 2 generates a token and secret and sends them back to Site 1
    • Site 1 gives the token and secret to the user’s client software
    • The client software authenticates to Site 2 and authorizes the token
    • Site 2 gives an access token to the client
    • The client gives the access token to Site 1
    • Site 1 can now access Site 2 on behalf of the user
  4. What is OpenID?

    OpenID is an open authentication protocol that allows users to log into different websites using the same login credentials. It is for user authentication, while OAuth is for authorization.

Authorization and Authentication flows

  1. What is the difference between authorization and authentication?

    Authentication is the process of verifying a user’s identity, while authorization determines what resources the authenticated user can access.

  2. What is Authorization Code Flow?

    an OAuth 2.0 method used for server-side web applications where an authorization code is exchanged for an access token

  3. What is Authorization Code Flow with Proof Key for Code Exchange (PKCE)?

    enhances the standard Authorization Code Flow by adding an extra layer of security, often for mobile and native applications

  4. What is Implicit Flow with Form Post?

    a simplified OAuth flow generally used for client-side web applications, where the access token is returned directly without an intermediate authorization code.

  5. What is Client Credentials Flow?

    an OAuth 2.0 flow where server-to-server communication is authenticated using only the client’s credentials

  6. What is Device Authorization Flow?

    used for devices that don’t have the ability to browse or input text, allowing them to be authorized by pairing with a separate device.

  7. What is Resource Owner Password Flow?

    an OAuth 2.0 flow where users provide their username and password directly to the application, which then uses these to obtain an access token

Things I want to learn more about

References

This site is open source. Improve this page.