Valet parking with limited keys
Day 6 of 149
Full deep-dive with code examples
The Valet Parking Story
You go to a fancy restaurant. You don't want to find parking yourself.
The valet asks for your car key. But you're worried: what if they open your trunk? What if they steal your expensive sunglasses?
Solution: Valet Key!
A special key that:
- Starts the car
- Moves it a short distance
- Can't open the trunk
- Can't open the glove box
OAuth is a valet key for websites!
The Real Problem
You want to use an app that posts to Twitter for you.
Bad way: Give the app your Twitter password
- They could read all your DMs
- They could change your password
- They could do anything!
Good way: OAuth
- App asks Twitter for limited access
- Twitter asks YOU: "Allow this app to post for you?"
- You say yes
- App gets a special "key" (token) that can post within the permissions you approved (as enforced by Twitter)
- The app doesn't need your password
The Flow
1. App: "I need to post for this user"
↓
2. Twitter: "User, do you allow this?"
↓
3. You: "Yes, allow posting"
↓
4. Twitter → App: "Here's a limited token"
↓
5. App uses the token to post
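The five steps above as a runnable toy model (an added example, not code from the original post and not a real Twitter API): a constructed `Twitter` class plays both the server that asks the user for consent and mints the token, and the API that checks every call against the token's scopes. The scope names, the app name and the user's password are made up for illustration.

```python
import hmac
import secrets

class Twitter:
    """Constructed stand-in for Twitter: issues scoped tokens and enforces them."""
    def __init__(self):
        self._users = {"alice": "correct-horse-battery-staple"}  # constructed password
        self._tokens = {}   # token -> (user, scopes the user actually approved)
        self._pending = {}  # app -> scopes the app asked for
        self.posts, self.dms = [], {"alice": ["a private message"]}

    # Step 1: the app states what it needs. It never sees the password.
    def request_access(self, app, scopes):
        self._pending[app] = set(scopes)

    # Steps 2-4: the user logs in at Twitter and approves some (or all) of the
    # requested scopes; the token is bound to exactly what was approved.
    def user_consents(self, user, password, app, approved):
        if not hmac.compare_digest(password, self._users.get(user, "")):
            raise PermissionError("login failed")
        granted = self._pending[app] & set(approved)  # never more than requested
        token = secrets.token_urlsafe(32)             # unguessable "valet key"
        self._tokens[token] = (user, frozenset(granted))
        return token

    def _authorize(self, token, needed):
        user, scopes = self._tokens.get(token, (None, frozenset()))
        if needed not in scopes:          # unknown token or missing scope
            raise PermissionError(f"token lacks scope {needed!r}")
        return user

    # Step 5: every API call is checked against the token's scopes.
    def post(self, token, text):
        self.posts.append((self._authorize(token, "tweet:write"), text))
        return True

    def read_dms(self, token):
        return self.dms[self._authorize(token, "dm:read")]

def run_flow():
    """Returns (post succeeded, DM read was blocked, posts made)."""
    twitter, app = Twitter(), "PostingApp"
    twitter.request_access(app, ["tweet:write", "dm:read"])  # asks for more than it gets
    token = twitter.user_consents("alice", "correct-horse-battery-staple", app, ["tweet:write"])
    posted = twitter.post(token, "hello from the app")
    try:
        twitter.read_dms(token)
        dm_blocked = False
    except PermissionError:
        dm_blocked = True
    return posted, dm_blocked, twitter.posts
```

The app asked for both scopes but the user approved only posting, so the token can tweet and nothing else; a forged or unknown token is refused outright.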
In One Sentence
OAuth lets apps access your accounts with limited permissions, without needing your password.
Note: OAuth is mainly for authorization (what an app can do). "Continue with Google" typically uses OpenID Connect, which is built on top of OAuth.
Enjoying these? Follow for daily ELI5 explanations!
Making complex tech concepts simple, one day at a time.