SlideShare a Scribd company logo

O auth

Download as PPTX, PDF
Ashok Kumar N, profile picture
Ashok Kumar N

OAuth 2.0 is an authorization framework that allows third-party applications to obtain limited access to a user's data on another service, either on behalf of the user by facilitating an approval interaction or by obtaining access on its own behalf. It addresses the issue of sharing user credentials by introducing an authorization layer and separating the client from the resource owner. The client requests access to resources controlled by the resource owner and hosted by the resource server, and is issued a token rather than the user's credentials.

Software
1 of 9
Download to read offline
1
2
3
4
5
6
7
8
9
OAuth 2.0 codesnippet.in
Introduction  The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.  OAuth addresses issue of sharing resource owner’s credentials to access protected resources by introducing an authorization layer and separating the role of the client from that of the resource owner.  In OAuth, the client requests access to resources controlled by the resource owner and hosted by the resource server, and is issued a different set of credentials than those of the resource owner.  The client obtains an access token -- a string denoting a specific scope, lifetime, and other access attributes. Access tokens are issued to third-party clients by an authorization server with the approval of the resource owner. The client uses the access token to access the protected resources hosted by the resource server.
Terminology  Access token - A token used to access protected resources.  Authorization code - An intermediary token generated when a user authorizes a client to access protected resources on their behalf.The client receives this token and exchanges it for an access token.  Authorization server - A server which issues access tokens after successfully authenticating a client and resource owner, and authorizing the request.  Client - An application which accesses protected resources on behalf of the resource owner (such as a user).The client could be hosted on a server, desktop, mobile or other device. Client Id and Client secret  Grant - A grant is a method of acquiring an access token.  Resource server - A server which sits in front of protected resources (for example “tweets”, users’ photos, or personal data) and is capable of accepting and responding to protected resource requests using access tokens.  Resource owner -The user who authorizes an application to access their account.The application’s access to the user’s account is limited to the “scope” of the authorization granted (e.g. read or write access).  Scope - A permission.
Grant flow
Client Credentials Grant token_type expires_in access_token grant_type | client_id | client_secret | scope
Authorization Grant response_type| client_id | redirect_uri | scope | state code | state grant_type | client_id | client_secret | redirect_uri | code token_type | expires_in | access_token | refresh_token
Password Grant grant_type| client_id | client_secret | scope | username |password token_type | expires_in | access_token | refresh_token
ImplicitGrant response_type| client_id | redirect_uri | scope | state token_type | expires_in | access_token | state
O auth

More Related Content

PPTX
Introduction to OAuth2
Sean Whitesell
 
DOCX
Existing system
madhukarreddy007
 
PPTX
Apache Airavata Credential Store
smarru
 
PPTX
OAuth2 Presentaion
Bhargav Surimenu
 
PDF
Spring security oauth2
axykim00
 
PPT
Grid security
josephineusha
 
PPT
Mashing Up with User-centric Identity
kkjjkevin03
 
PPTX
Iam sso-questioner
Thangaraj Narayanan, TOGAF
 
Introduction to OAuth2
Sean Whitesell
 
Existing system
madhukarreddy007
 
Apache Airavata Credential Store
smarru
 
OAuth2 Presentaion
Bhargav Surimenu
 
Spring security oauth2
axykim00
 
Grid security
josephineusha
 
Mashing Up with User-centric Identity
kkjjkevin03
 
Iam sso-questioner
Thangaraj Narayanan, TOGAF
 

Similar to O auth (20)

PDF
A Survey on SSO Authentication protocols: Security and Performance
Amin Saqi
 
PPTX
OAuth2 Implementation Presentation (Java)
Knoldus Inc.
 
PPTX
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
Good Dog Labs, Inc.
 
PDF
Introduction to OAuth2.0
Oracle Corporation
 
PPTX
An introduction to OAuth 2
Sanjoy Kumar Roy
 
PPTX
Oauth2 and OWSM OAuth2 support
Gaurav Sharma
 
PPTX
Microservice security with spring security 5.1,Oauth 2.0 and open id connect
Nilanjan Roy
 
PDF
OAuth 2.0 with IBM WebSphere DataPower
Shiu-Fun Poon
 
PPT
O auth 2
Nisha Baswal
 
PDF
Lecture #25 : Oauth 2.0
Dr. Ramchandra Mangrulkar
 
PPTX
OAuth2 + API Security
Amila Paranawithana
 
PPTX
O auth 2.0 authorization framework
John Temoty Roca
 
PDF
OAuth2 primer
Manish Pandit
 
PDF
OAuth2
SPARK MEDIA
 
PPTX
OAuth [noddyCha]
noddycha
 
PPTX
The OAuth 2.0 Authorization Framework
Samuele Cozzi
 
PPT
Silicon Valley Code Camp 2009: OAuth: What, Why and How
Manish Pandit
 
PDF
Survey on Restful Web Services Using Open Authorization (Oauth)I01545356
IOSR Journals
 
PPTX
"Протокол авторизации OAuth"
Olga Lavrentieva
 
PDF
OAuth 2.0 with Pet Care House
Prabath Siriwardena
 
A Survey on SSO Authentication protocols: Security and Performance
Amin Saqi
 
OAuth2 Implementation Presentation (Java)
Knoldus Inc.
 
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
Good Dog Labs, Inc.
 
Introduction to OAuth2.0
Oracle Corporation
 
An introduction to OAuth 2
Sanjoy Kumar Roy
 
Oauth2 and OWSM OAuth2 support
Gaurav Sharma
 
Microservice security with spring security 5.1,Oauth 2.0 and open id connect
Nilanjan Roy
 
OAuth 2.0 with IBM WebSphere DataPower
Shiu-Fun Poon
 
O auth 2
Nisha Baswal
 
Lecture #25 : Oauth 2.0
Dr. Ramchandra Mangrulkar
 
OAuth2 + API Security
Amila Paranawithana
 
O auth 2.0 authorization framework
John Temoty Roca
 
OAuth2 primer
Manish Pandit
 
OAuth2
SPARK MEDIA
 
OAuth [noddyCha]
noddycha
 
The OAuth 2.0 Authorization Framework
Samuele Cozzi
 
Silicon Valley Code Camp 2009: OAuth: What, Why and How
Manish Pandit
 
Survey on Restful Web Services Using Open Authorization (Oauth)I01545356
IOSR Journals
 
"Протокол авторизации OAuth"
Olga Lavrentieva
 
OAuth 2.0 with Pet Care House
Prabath Siriwardena
 
Ad

Recently uploaded (20)

PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
PDF
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
PDF
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
PPTX
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
PDF
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
PDF
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
PDF
SAP S4 Hana Brochure 3 (PTS SYSTEMS AND SOLUTIONS)
pts464036
 
PPTX
ManageIQ - Sprint 268 Review - Slide Deck
ManageIQ
 
PPTX
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
PDF
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
PPTX
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
PDF
top salesforce developer skills in 2025.pdf
CloudMetic
 
PDF
Understanding Forklifts - TECH EHS Solution
TECH EHS Solution
 
PDF
medical staffing services at VALiNTRY
Tiyan Grayson
 
PPTX
Introduction to Artificial Intelligence
lohedi9363
 
PPTX
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
PPTX
history of c programming in notes for students .pptx
Vijayakumari829030
 
PPTX
CHAPTER 12 - CYBER SECURITY AND FUTURE SKILLS (1) (1).pptx
AnujKumar530915
 
PDF
PTS Company Brochure 2025 (1).pdf.......
pts464036
 
PDF
AI in Product Development-omnex systems
omnex systems
 
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
SAP S4 Hana Brochure 3 (PTS SYSTEMS AND SOLUTIONS)
pts464036
 
ManageIQ - Sprint 268 Review - Slide Deck
ManageIQ
 
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
top salesforce developer skills in 2025.pdf
CloudMetic
 
Understanding Forklifts - TECH EHS Solution
TECH EHS Solution
 
medical staffing services at VALiNTRY
Tiyan Grayson
 
Introduction to Artificial Intelligence
lohedi9363
 
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
history of c programming in notes for students .pptx
Vijayakumari829030
 
CHAPTER 12 - CYBER SECURITY AND FUTURE SKILLS (1) (1).pptx
AnujKumar530915
 
PTS Company Brochure 2025 (1).pdf.......
pts464036
 
AI in Product Development-omnex systems
omnex systems
 
Ad

O auth

  • 2. Introduction  The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.  OAuth addresses issue of sharing resource owner’s credentials to access protected resources by introducing an authorization layer and separating the role of the client from that of the resource owner.  In OAuth, the client requests access to resources controlled by the resource owner and hosted by the resource server, and is issued a different set of credentials than those of the resource owner.  The client obtains an access token -- a string denoting a specific scope, lifetime, and other access attributes. Access tokens are issued to third-party clients by an authorization server with the approval of the resource owner. The client uses the access token to access the protected resources hosted by the resource server.
  • 3. Terminology  Access token - A token used to access protected resources.  Authorization code - An intermediary token generated when a user authorizes a client to access protected resources on their behalf.The client receives this token and exchanges it for an access token.  Authorization server - A server which issues access tokens after successfully authenticating a client and resource owner, and authorizing the request.  Client - An application which accesses protected resources on behalf of the resource owner (such as a user).The client could be hosted on a server, desktop, mobile or other device. Client Id and Client secret  Grant - A grant is a method of acquiring an access token.  Resource server - A server which sits in front of protected resources (for example “tweets”, users’ photos, or personal data) and is capable of accepting and responding to protected resource requests using access tokens.  Resource owner -The user who authorizes an application to access their account.The application’s access to the user’s account is limited to the “scope” of the authorization granted (e.g. read or write access).  Scope - A permission.
  • 6. Authorization Grant response_type| client_id | redirect_uri | scope | state code | state grant_type | client_id | client_secret | redirect_uri | code token_type | expires_in | access_token | refresh_token
  • 7. Password Grant grant_type| client_id | client_secret | scope | username |password token_type | expires_in | access_token | refresh_token
  • 8. ImplicitGrant response_type| client_id | redirect_uri | scope | state token_type | expires_in | access_token | state