Introduction to OAuth and OAuth Flow

What is OAuth

OAuth is a delegated authorisation protocol that allows users to share information between services without exposing their password.

An example of OAuth can be a website or an application asking their users to register or login via some other applications like google, Github, etc.

Main motive of using OAuth is to provide authorisation and not authenticating the users.

OAuth Flow

In OAuth we deal with three interfaces -

1. Browser application
2. Server
3. OAuth Provider

Below is how OAuth flow works we can take example of logging in with google,

1. In our application or website in the browser we choose to sign in with google.

2. The login router passes the instruction to the OAuth middleware which is middleware performing operation like providing the correct strategy based on our OAuth service provider, granting tokens, attaching the user information with the current session, etc.

3. When permission is granted from the consent screen by the user an access token is generated.

4. The access token is passed to the authorisation server which provides user information if the access token passed is correct.

5. The response from the OAuth provider server is passed into our callback function and profile data can be extracted from it.

6. After we have the profile data we can provide authorise to the user or store data in our local database, etc.

👏 Thanks For Reading the article !