OAuth 2.0 Architecture

What is Architecture in OAuth 2.0?

  • First, the resource server (also known as the web app) delegates the authorization responsibility to the authorization server (STS).
  • Second, the resource owner (the user) accesses the service in the web app, which has been provided with a client id and client password.
  • Third, the user authenticates and then grants access authorization at the authorization server (STS).
  • Fourth, the authorization server issues the access token, which is secured because it holds the username and password of the user; this completes the authorization process.
  • Fifth, the user accesses the protected resources in the resource server.
[Figure: process of OAuth 2.0 architecture]

OAuth 2.0 Concepts

Some of the concepts of OAuth 2.0 are explained in the table below:

S.No. Concept & Description
1 Terminology

OAuth provides the terminology to understand the concepts of authorization.

2 Web Server

The web server delivers the web pages and uses HTTP to serve the files that form those pages to users.

3 User-Agent

The user-agent application is used by client applications on the user's device and runs as a scripting-language instance inside the user agent.

4 Native Application

A native application is an instance of a desktop or mobile phone application, which uses the resource owner password credentials.

5 OAuth client

The OAuth client can make protected resource requests on behalf of the resource owner after the resource owner grants it authorization. OAuth 2.0 introduces two types of clients: confidential and public. Confidential clients are registered with a client secret, while public clients are not.

6 Access token

This string represents specific scopes and durations of access. It is granted by the resource owner and enforced by the OAuth server.

7 Protected resource

A restricted resource that can be accessed from the OAuth server using authenticated requests.

8 Authorization grant

A grant that represents the resource owner's authorization to access its protected resources. There are four authorization grant types: authorization code, implicit, resource owner password credentials, and client credentials.

9 Authorization code

A code that the Authorization server generates when the resource owner authorizes a request.

10 Refresh token

A string that is used to obtain a new access token. A refresh token is optionally issued by the authorization server to the OAuth client together with an access token. The OAuth client can use the refresh token to request another access token that is based on the same authorization, without involving the resource owner again.
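To tie the five-step process above and the concepts in this table together, here is an added example (not code from the tutorial or from any OAuth library) that models the authorization code grant in plain Python: the STS issues a single-use code on consent, exchanges it for an access token plus refresh token only after checking the confidential client's id and secret, renews the access token from the refresh token without involving the user, and lets the resource server validate a token before serving the protected resource. Client ids, secrets, user names and scopes are constructed sample values.

```python
# Added example, not code from the tutorial: an in-memory model of the authorization code grant.
import secrets, time

class AuthorizationServer:
    def __init__(self, clients):
        self.clients = dict(clients)   # client_id -> client_secret (confidential clients)
        self.codes, self.access, self.refresh_tokens = {}, {}, {}
    def authorize(self, client_id, user, scope):
        """Step 3: the resource owner consents; the server returns a single-use code."""
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, user, scope)
        return code
    def _check_client(self, client_id, client_secret):
        if self.clients.get(client_id) != client_secret:
            raise PermissionError("client authentication failed")
    def token(self, client_id, client_secret, code):
        """Step 4: the client exchanges the code plus its own credentials for tokens."""
        self._check_client(client_id, client_secret)
        entry = self.codes.pop(code, None)          # pop: a code can be redeemed once
        if entry is None or entry[0] != client_id:
            raise PermissionError("invalid authorization code")
        return self._issue(*entry, with_refresh=True)
    def refresh(self, client_id, client_secret, refresh_token):
        """Get a fresh access token from a refresh token, without involving the user."""
        self._check_client(client_id, client_secret)
        entry = self.refresh_tokens.get(refresh_token)
        if entry is None or entry[0] != client_id:
            raise PermissionError("invalid refresh token")
        return self._issue(*entry, with_refresh=False)
    def _issue(self, client_id, user, scope, with_refresh, ttl=3600):
        token = secrets.token_urlsafe(24)           # opaque random string, expires after ttl
        self.access[token] = (user, scope, time.time() + ttl)
        out = {"access_token": token, "scope": scope, "expires_in": ttl}
        if with_refresh:
            out["refresh_token"] = secrets.token_urlsafe(24)
            self.refresh_tokens[out["refresh_token"]] = (client_id, user, scope)
        return out
    def introspect(self, token):
        # Answers the resource server: is this token known and not yet expired?
        entry = self.access.get(token)
        if entry is None or entry[2] < time.time():
            return None
        return {"user": entry[0], "scope": entry[1]}

def fetch_protected_resource(sts, token, required_scope="profile"):
    """Step 5: the resource server serves the resource only for a valid, in-scope token."""
    info = sts.introspect(token)
    if info is None or required_scope not in info["scope"].split():
        return 401, None
    return 200, {"owner": info["user"]}
```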

