{"id":27,"date":"2018-10-16T11:10:00","date_gmt":"2018-10-16T11:10:00","guid":{"rendered":""},"modified":"2020-07-25T21:53:14","modified_gmt":"2020-07-25T19:53:14","slug":"what-is-oauth-an-introduction-to-oauth-and-openid","status":"publish","type":"post","link":"https:\/\/kindsonthegenius.com\/blog\/what-is-oauth-an-introduction-to-oauth-and-openid\/","title":{"rendered":"What is OAuth? (An Introduction to OAuth and OpenID)"},"content":{"rendered":"

My name is Kindson and in this brief, lesson I would teach you the basics of OAuth 2.0 and OpenID. You will understand what they are and how they work very clearly.<\/p>\n

You can watch the <\/span>video explanation here<\/a><\/b><\/i><\/u>
\n<\/b><\/i><\/u>
\nWe would cover the following:<\/p>\n

    \n
  1. What is OAuth?<\/a><\/li>\n
  2. How OAuth Started<\/a><\/li>\n
  3. OAuth Roles<\/a><\/li>\n
  4. The OAuth Workflow<\/a><\/li>\n
  5. Benefits of OAuth<\/a><\/li>\n
  6. What is OpenID?<\/a><\/li>\n<\/ol>\n

    <\/ins>
    \n<\/b><\/p>\n

    1.0 What is OAuth<\/h3>\n

    OAuth is an open standard for authorization which is used for access delegation. This means that users of a web application can grant an application access to their information without having to give them the login credentials.
    \nOAuth provides a secure delegated access to the user’s information on behalf of the user.<\/p>\n

     <\/p>\n

    2.0 Why OAuth was Introduced<\/h3>\n

    Before OAuth 1.0 protocol was published in 2010 access delegation was achieve by providing the third party application with your the login credentials(username and password). This creates a security challenge as there is no control of what the third party application can do with these details. OAuth was created to address this issue.
    \nSo in 2010, the OAuth 1.0\u00a0 protocol was published after a group of researcher have worked on it for about 4 years.<\/p>\n

    <\/ins>
    \n<\/b><\/p>\n

    3.0 OAuth Roles and Terminology<\/h3>\n

    Before we explain how it works, it is necessary to understand the roles associated with the OAuth architecture
    \nResource Owner:<\/i> This is the user of the resource or the owner of the account the application is requesting to access.
    \nClient<\/i>: This is the application the requests access to restricted resources.
    \nAuthorization Server:<\/i> Holds account information and used for authorisation.
    \nResource Server<\/i>: Contains secure information that need token to access
    \nAuthorization Grant:<\/i> The initial code sent to the requesting application initially. The is the same as the authorization code and is passed through the front channel(browser)
    \nRedirect URI:<\/i> This is the URI that the would be redirected to after the authorisation grant have been given to the application.
    \nAccess Token<\/i>: The token that is sent to the application and can be used to access resources.<\/p>\n

     <\/p>\n

     <\/p>\n

    4.0 The OAuth Workflow<\/h3>\n

    The OAuth workflow take the following steps to grant a delegated access to an application:<\/p>\n

    <\/a><\/div>\n

     <\/p>\n

    Step 1<\/b>: The application request for authorization for access to some resource
    \nStep 2<\/b>: The authorization server creates and displays a consent screen to the user
    \nStep 3:<\/b> If the user consents to the request, then the authorization server sends an authorisation code (authorisation grant) back to the requesting application.
    \nStep 4:<\/b> The application then requests for an access token from the authorisation server using the authorisation code
    \nStep 5:<\/b> The authorisation server identifies the application and checks if the authentication code is valid. If it’s valid, the server issues an access token to the application.
    \nStep 6<\/b>: The application can now access resources from using the access token
    \nStep 7<\/b>: If the access token is found valid, the resource server grants the resource to the application.
    \nAt this point the cycle is complete. The workflow is shown in Figure 1.<\/p>\n

     <\/p>\n

     <\/p>\n

    5.0 Benefits of OAuth 2.0<\/h3>\n

    It provides a stronger security and easier to implement
    \nIt is an open standard
    \nIt is a very robust protocol that relies on SSL (Secure Socket Layer) making data very secure
    \nAllows for expiration of authentication token which make resources more secure
    \nLogin credentials are not passed to the requesting application<\/p>\n

     <\/p>\n

    6.0 What is OpenID<\/h3>\n

    What then is OpenID?
    \nNote that OAuth is a standard for authorisation. OpenID on the other hand is used for authentication to authenticate a single-sign on identity. It is created to be used for federated authentication. This means that a third party can be used to authenticate a user if the users already have some account.
    \nWhile OAuth can be used for authentication too, that is not what it’s designed for. OpenID does that.
    \nThere comes OpenID Connect(OIDC) which is an authentication protocol based on the OAuth 2.0 and serves an authentication layer on top of OAuth 2.0.<\/p>\n

    I hope these brief explanation clarifies the concept.
    \nYou can watch the     video explanation here<\/a><\/p>\n

     <\/p>\n","protected":false},"excerpt":{"rendered":"

    My name is Kindson and in this brief, lesson I would teach you the basics of OAuth 2.0 and OpenID. You will understand what they … <\/p>\n","protected":false},"author":2,"featured_media":331,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[69],"tags":[],"_links":{"self":[{"href":"https:\/\/kindsonthegenius.com\/blog\/wp-json\/wp\/v2\/posts\/27"}],"collection":[{"href":"https:\/\/kindsonthegenius.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kindsonthegenius.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kindsonthegenius.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/kindsonthegenius.com\/blog\/wp-json\/wp\/v2\/comments?post=27"}],"version-history":[{"count":12,"href":"https:\/\/kindsonthegenius.com\/blog\/wp-json\/wp\/v2\/posts\/27\/revisions"}],"predecessor-version":[{"id":1105,"href":"https:\/\/kindsonthegenius.com\/blog\/wp-json\/wp\/v2\/posts\/27\/revisions\/1105"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kindsonthegenius.com\/blog\/wp-json\/wp\/v2\/media\/331"}],"wp:attachment":[{"href":"https:\/\/kindsonthegenius.com\/blog\/wp-json\/wp\/v2\/media?parent=27"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kindsonthegenius.com\/blog\/wp-json\/wp\/v2\/categories?post=27"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kindsonthegenius.com\/blog\/wp-json\/wp\/v2\/tags?post=27"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}