OAuth Tutorial - OAuth Native Application
What is Native Application in OAuth 2.0?
- A native application is, for instance, a desktop or mobile phone application, which uses the resource owner credentials.
- Native applications are those applications that run directly on the end user’s device, hence it can be a computer or mobile device which is used
- The software for a native application is compiled or packaged and then installed onto the mobile device.
- Native applications can easily make direct outbound HTTP calls to the remote server.
- A native application is a public client that is installed and executes on the resource owner's device.
- The authentication credentials used by the application are included in the application code which is used
- To make a front channel request, the native application needs to be able to reach out to the system web browser or get the user to the authorization server directly.
- To listen for front channel responses, the native application needs to be able to serve a URI that the authorization server can redirect the browser to.
- Native applications are using the authorization code for the, client credentials
- A native application is a system component that allows applications to display web content within the UI of an application.
- A native application acts as an embedded user-agent, separate from the system browser.
- The native application has access to the system browser’s cookies, memory, or session information.
- The diagram below shows the architecture of the client native application.
[Diagram: OAuth native application architecture]
Description of the diagram:
- The resource owner accesses the resources of the resource owner application by using an authenticating application such as Google, Facebook, Twitter, etc.
- The resource owner uses the client ID and client password to log on to the authorization server.
- The authorization server allows access to the resources on the resource server using the client credentials.
- The resource server contains the resources, which are owned by the resource owner.
- The web hosting client is used by a public client native application that resides on the computer.
- It’s also used by public client apps running in a browser using a scripting language such as JavaScript.
- These public client apps can protect user secrets; the apps are widely distributed, and the client secret can’t be confidential.
- The resource server uses the username-password authentication flow to authenticate when the customer already has the user’s credentials.
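
An added example (not from the original tutorial) of the front channel steps described earlier on this page: the app builds the authorization request for the system browser and serves a loopback redirect URI to receive the response. The endpoint, client ID and `/callback` path are placeholders, and the example goes beyond the page by adding a `state` check and PKCE (RFC 7636), since a public client cannot rely on a client secret.

```python
import base64, hashlib, http.client, secrets, threading, urllib.parse
from http.server import BaseHTTPRequestHandler, HTTPServer

AUTHZ_ENDPOINT = "https://auth.example.test/authorize"  # placeholder (assumed)
CLIENT_ID = "native-app-demo"                           # placeholder (assumed)

def pkce_pair():
    """Return (code_verifier, code_challenge) for the S256 method of RFC 7636."""
    verifier = secrets.token_urlsafe(48)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return verifier, base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

class RedirectHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        query = urllib.parse.parse_qs(urllib.parse.urlsplit(self.path).query)
        state = query.get("state", [""])[0].encode()
        # Accept the code only when the state matches the value this app sent.
        ok = "code" in query and secrets.compare_digest(state, self.server.expected_state)
        self.server.result = query["code"][0] if ok else None
        self.send_response(200 if ok else 400)
        self.end_headers()
        self.wfile.write(b"Done, you may close this tab." if ok else b"Rejected.")

    def log_message(self, *args):  # keep code and state out of stderr logs
        pass

def start_listener(expected_state):
    """Serve the redirect URI on the loopback interface only, on a free port."""
    server = HTTPServer(("127.0.0.1", 0), RedirectHandler)
    server.expected_state, server.result = expected_state.encode(), None
    return server

def authorization_url(port, state, challenge):
    params = {"response_type": "code", "client_id": CLIENT_ID, "state": state,
              "redirect_uri": f"http://127.0.0.1:{port}/callback",
              "code_challenge": challenge, "code_challenge_method": "S256"}
    return AUTHZ_ENDPOINT + "?" + urllib.parse.urlencode(params)

def simulate(sent_state, returned_state):
    """Constructed round trip: a local GET stands in for the browser redirect."""
    with start_listener(sent_state) as server:
        worker = threading.Thread(target=server.handle_request)
        worker.start()
        conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
        conn.request("GET", f"/callback?code=demo-code&state={returned_state}")
        conn.getresponse().read()
        conn.close()
        worker.join()
    return server.result
```

In a real app the URL from `authorization_url` would be opened in the system browser, and the returned code would be exchanged at the token endpoint together with the `code_verifier`.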