OAuth: an open authorization protocol that lets a user grant third parties limited access to protected resources without handing over a username and password.
For example, a user who wants to give a social network access to the contacts in his mailbox does not have to tell the social network his email password. Instead, the user authorizes in the mail service, which then grants the social network access to the address book.
A bit of history
OAuth 1.0
OAuth started in November 2006, when Blaine Cook was developing an OpenID implementation for Twitter. Together with Chris Messina, Blaine was looking for a way to use OpenID to access the Twitter API without handing a password to the service. Collaborating with one of the OpenID developers, David Recordon, Cook analyzed the functionality of OpenID and of authorization protocols such as Yahoo! BBAuth, Google AuthSub and Flickr Auth. The conclusion was that a new open protocol was needed. So, in April 2007, a group of developers was formed to create it, joined by employees of AOL and Google. The final version of the OAuth 1.0 protocol was presented on December 4, 2007, and in 2008 work began on standardizing the protocol.
OAuth 2.0
In 2010, work began on a new version of the protocol, OAuth 2.0. The main goal of the new version is to simplify the development of client applications.
The difference between OAuth and OpenID
The opinion that OAuth is an extension of the OpenID protocol is erroneous. Although OpenID and OAuth have much in common, OAuth is a standalone protocol and has nothing to do with OpenID.
OAuth allows you to grant rights to use a resource. Access to the resource is determined by a token, which can be the same for different users, or one user can have different tokens at different times. Rights are granted in exchange for presenting the token.
OpenID is an authentication tool. With its help, you can make sure that the user is exactly who he claims to be.
OAuth Scheme
For example, a user wants to print his photos, which are uploaded to pixabay.com, using the Google Drive service:
- The client sends a request to the server over HTTPS containing the client identifier, a timestamp, the callback address to which the token must be returned, the type of digital signature and the signature itself.
- The server confirms the request and responds to the client with an access token and part of the shared secret.
- The client hands the token to the resource owner and redirects him to the server for authorization.
- The server receives the token and asks for a username and password. If authentication succeeds, it asks the user to confirm access to the resources, after which the server redirects the user back to the client.
- The client passes the token to the server over TLS and requests access to the resources.
- The server confirms the request and responds to the client with a new access token.
- The client uses the new token to request the resources from the server.
- The server confirms and provides the resources.
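The eight steps above, as an added example that is not from the original post: both the client and the server side of the exchange are simulated in one Python process, with request signing done the way RFC 5849 specifies it (percent-encoded, sorted parameters, an HMAC-SHA1 over the signature base string, keyed with the consumer secret and the token secret). The token issued in step 2 is handled as the temporary (request) token and the one issued in step 6 as the access token; the `oauth_verifier` handed back after the user's approval is the OAuth 1.0a addition that the step list does not mention. Actors (a print shop as client, a storage service as server), URLs, credentials, the 5 minute timestamp window and the nonce-based replay check are all constructed for this example and are not from the page.

```python
"""Simulated three-legged OAuth 1.0a exchange, client and server in one process (added example)."""
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

def pct(value):  # RFC 5849 section 3.6: only ALPHA / DIGIT / "-" / "." / "_" / "~" stay unencoded
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # RFC 5849 section 3.4.1: METHOD & enc(url) & enc(sorted "k=v" pairs); params excludes oauth_signature
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    return "&".join([method.upper(), pct(url), pct("&".join(f"{k}={v}" for k, v in pairs))])

def sign(method, url, params, consumer_secret, token_secret=""):
    # HMAC-SHA1 keyed with "<consumer secret>&<token secret>"; the token secret is empty before any token exists
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1).digest()).decode()

def signed(method, url, consumer_key, consumer_secret, token=None, token_secret="", **extra):
    # Client side: attach the oauth_* parameters (step 1's identifier, timestamp, signature type) and sign
    params = {"oauth_consumer_key": consumer_key, "oauth_signature_method": "HMAC-SHA1",
              "oauth_timestamp": str(int(time.time())), "oauth_nonce": secrets.token_hex(8),
              "oauth_version": "1.0", **({"oauth_token": token} if token else {}), **extra}
    return {**params, "oauth_signature": sign(method, url, params, consumer_secret, token_secret)}

class Provider:
    """In-memory server: checks signatures, issues temporary and access tokens, serves the resource."""
    def __init__(self, consumers, users):
        self.consumers, self.users = consumers, users   # consumer_key -> secret; username -> password
        self.tokens, self.seen = {}, set()              # token -> record; (consumer, ts, nonce) already accepted

    def _verify(self, method, url, params, token_secret=""):
        params = dict(params)
        provided = params.pop("oauth_signature", "")
        consumer_secret = self.consumers.get(params.get("oauth_consumer_key"))
        ts = params.get("oauth_timestamp", "")
        # Assumed policy: unknown consumer, timestamp outside a 5 minute window, or reused nonce -> reject
        if consumer_secret is None or not ts.isdigit() or abs(time.time() - int(ts)) > 300:
            return False
        replay_key = (params["oauth_consumer_key"], ts, params.get("oauth_nonce"))
        if replay_key in self.seen:
            return False
        if not hmac.compare_digest(sign(method, url, params, consumer_secret, token_secret).encode(), provided.encode()):
            return False
        self.seen.add(replay_key)
        return True

    def _issue(self, kind, consumer, user=None, **extra):
        token, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.tokens[token] = {"secret": secret, "kind": kind, "consumer": consumer, "user": user, **extra}
        return token, secret

    def request_token(self, method, url, params):
        # Steps 1-2: temporary token and its secret, issued only for a correctly signed request
        if not self._verify(method, url, params):
            raise PermissionError("request token: bad signature")
        return self._issue("request", params["oauth_consumer_key"], callback=params.get("oauth_callback", "oob"))

    def authorize(self, token, username, password):
        # Steps 3-4: the owner logs in at the server, not at the client, and approves; the server
        # sends the owner back to the client's callback together with a verifier (the 1.0a addition)
        rec = self.tokens.get(token)
        if rec is None or rec["kind"] != "request" or self.users.get(username) != password:
            raise PermissionError("authorize: login or token rejected")
        rec["user"], rec["verifier"] = username, secrets.token_hex(4)
        return rec["callback"], rec["verifier"]

    def access_token(self, method, url, params):
        # Steps 5-6: the authorized temporary token plus verifier is traded for the access token
        rec = self.tokens.get(params.get("oauth_token"))
        if rec is None or rec["kind"] != "request" or "verifier" not in rec:
            raise PermissionError("access token: token not authorized")
        if params.get("oauth_verifier") != rec["verifier"] or not self._verify(method, url, params, rec["secret"]):
            raise PermissionError("access token: bad verifier or signature")
        del self.tokens[params["oauth_token"]]   # temporary tokens are single use
        return self._issue("access", rec["consumer"], rec["user"])

    def resource(self, method, url, params):
        # Steps 7-8: the resource goes only to a request signed with the access token and its secret
        rec = self.tokens.get(params.get("oauth_token"))
        if rec is None or rec["kind"] != "access" or not self._verify(method, url, params, rec["secret"]):
            raise PermissionError("resource: access denied")
        return f"photos of {rec['user']}"

def run_flow():
    # Constructed actors: a print shop (client) fetching a user's photos from a storage service (server)
    key, secret, base = "printshop", "printshop-consumer-secret", "https://storage.example"
    server = Provider(consumers={key: secret}, users={"alice": "correct horse"})
    req = signed("POST", f"{base}/request_token", key, secret, oauth_callback="https://printshop.example/cb")
    rtoken, rsecret = server.request_token("POST", f"{base}/request_token", req)
    _, verifier = server.authorize(rtoken, "alice", "correct horse")
    req = signed("POST", f"{base}/access_token", key, secret, rtoken, rsecret, oauth_verifier=verifier)
    atoken, asecret = server.access_token("POST", f"{base}/access_token", req)
    req = signed("GET", f"{base}/photos", key, secret, atoken, asecret)
    photos = server.resource("GET", f"{base}/photos", req)
    try:                                 # the same request, captured and replayed unchanged, is refused
        server.resource("GET", f"{base}/photos", req)
        replay_accepted = True
    except PermissionError:
        replay_accepted = False
    return photos, replay_accepted
```

Calling `run_flow()` walks through all eight steps and returns the served resource together with the outcome of replaying the final request. Two design points carry over to a real server: the signature comparison uses `hmac.compare_digest` rather than `==`, and a token alone is never enough, because every request after step 2 must also be signed with the secret that was returned next to the token.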