|
| 1 | +--- |
| 2 | +title : What IS OAuth |
| 3 | +sidebar_label : What IS OAuth |
| 4 | +--- |
| 5 | + |
| 6 | +# What IS OAuth |
| 7 | + |
| 8 | +<SubHeading>Open standard and protocol for secure authorization and authentication on the internet.</SubHeading> |
| 9 | + |
| 10 | +OAuth, which stands for "Open Authorization," is an open standard and protocol for secure authorization and authentication on the internet. |
| 11 | +It allows users to grant third-party applications limited access to their resources or data without sharing their login credentials. |
| 12 | + |
| 13 | +OAuth is widely used by web and mobile applications to provide secure access to services and data from other providers (known as "resource servers") on behalf of a user. |
| 14 | + |
| 15 | +> Here are the **key components and concepts of OAuth**: |
| 16 | +
|
| 17 | +## **Resource Owner** |
| 18 | + |
| 19 | +The resource owner is the user who owns the data or resources being accessed. For example, this could be a user's photos on a social media platform or their email messages. |
| 20 | + |
| 21 | +## **Client** |
| 22 | + |
| 23 | +The client is the application that wants access to the user's resources. This could be a mobile app, a web application, or any software component that interacts with the resource server on behalf of the user. |
| 24 | + |
| 25 | +## **Authorization Server** |
| 26 | + |
| 27 | +The authorization server is responsible for authenticating the resource owner and granting access tokens to the client. |
| 28 | +It verifies the identity of the user and ensures they give consent for the client to access their resources. |
| 29 | + |
| 30 | +## **Resource Server** |
| 31 | + |
| 32 | +The resource server hosts the protected resources that the client wants to access. It can be a web service, an API, or any other data provider. |
| 33 | + |
| 34 | +## **Access Token** |
| 35 | + |
| 36 | +An access token is a credential that the client uses to access the resource server on behalf of the user. |
| 37 | +It serves as proof of authorization and is issued by the authorization server. Access tokens are typically short-lived and can have different scopes, indicating the specific permissions granted to the client. |
| 38 | + |
| 39 | +## **Authorization Grant** |
| 40 | + |
| 41 | +The authorization grant is a credential representing the resource owner's consent for the client to access their resources. |
| 42 | +It is used by the client to obtain an access token. Common authorization grants include the "authorization code," "implicit," "password," and "client credentials." |
| 43 | + |
| 44 | +## **Redirect URI** |
| 45 | + |
| 46 | +After the user grants or denies permission, the authorization server redirects the user back to the client application at a predefined redirect URI. This URI is used to deliver the authorization code or access token. |
| 47 | + |
| 48 | +## ✅ In Summary |
| 49 | + |
| 50 | +OAuth is often used for scenarios where a user wants to allow a third-party application to access their data from another service without sharing their login credentials. |
| 51 | +For example, when you use your Google or Facebook account to log in to a third-party app, OAuth is typically used to manage this authentication and authorization process securely. |
| 52 | + |
| 53 | +OAuth has become a fundamental building block for modern web and mobile applications, enabling secure and controlled access to user data and services while protecting user credentials and privacy. |
| 54 | + |
| 55 | +## ✅ Resources |
| 56 | + |
| 57 | +- 👉 Access [AppSeed](https://appseed.us/) and start your next project |
| 58 | +- 👉 [Deploy Projects on Aws, Azure and Digital Ocean](https://www.docs.deploypro.dev/) via **DeployPRO** |
| 59 | +- 👉 Create an amazing landing page with [Simpllo, an open-source site builder](https://www.simpllo.com/) |
| 60 | +- 👉 [Django App Generator](https://app-generator.dev/django/) - A 2nd generation App Builder |
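Review bot: Lines 8 and 10 (and the login example on line 51) describe OAuth as a protocol for "authorization and authentication", but OAuth 2.0 is an authorization framework only; the identity/login use case is what OpenID Connect adds on top of it. Suggest rewording the SubHeading and intro to "delegated authorization" and naming OpenID Connect where line 51 talks about logging in to a third-party app, since readers who treat a bare access token as proof of who the user is end up with broken login logic. On line 42, the "implicit" and "password" grants are listed next to "authorization code" with no caveat; the OAuth 2.0 Security Best Current Practice (RFC 9700) advises against both, so mark them as legacy and mention authorization code with PKCE as the default. Line 46 could also state that the client must register its redirect URI in advance and that the authorization server should compare it by exact match, as that check is what keeps codes and tokens from being delivered to the wrong place.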