OAuth v.2 (Token) #QuickReview

Dimitris Chitas (feco2019)

Good morning, guys. I was trying to find a good, quick and understandable example to analyse the OAuth model (token).

After a lot of frustrating documentation, I got inspired by a YouTube video that says no more than you need to understand the workflow.

Let's start. An OAuth token is a way to authorize a user's access to resources that are protected by the resource owner.
Tokens are suggested because they are more confidential than the classic model that we have used all these years, the simple authentication which authorized the front-user to access the end-user stuff (database, resources, privileges, etc.).

Let's see an image of how that works, and after that I will describe a small example to help you capture it better in your mindset.

This is the basic flow; let's understand it a bit.

As a client, I am trying to prove who I am to the owner of the resources.
If I am the right person, the server gives me permission, and then with that permission (the Authorization Grant) I send a request back to the server to create a token for me.

The server sends me the token, and with that token I make another request to access the protected routes/resources.

Let's now see the example that inspired me for this section.

I am going on vacation somewhere and I rent a hotel room.
To receive a key from the receptionist, I showed him my ID credentials and also gave my credit card.
The receptionist gave me back a keycard. Then I took this card and went to my room, I swiped my card and of course I got into my room.
So the keycard is like an OAuth token: an access token just says whether or not the bearer of the token is allowed to access the thing they are trying to access, in this case the hotel room.
The door doesn't care who I am.
It doesn't need to know my name or any unique identifier; it just needs to know whether or not this card is allowed to access this door at this time. So, to recap: the card doesn't care about me, only about when it needs to give me access to the resource (the "room"). OAuth is exactly the same thing.
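
The flow and the keycard analogy above, as an added example that is not part of the original post: a simplified in-memory model in Python, not a real OAuth library. The function names, the sample guest and the room identifiers are constructed for illustration.

```python
import secrets
import time

# Constructed sample data mirroring the hotel analogy (not from the original post).
USERS = {"guest": "passport-123"}   # user -> credential shown at the reception
GRANTS = {}                         # one-time authorization grant -> resource
TOKENS = {}                         # access token -> (resource, expiry timestamp)


def authorize(user, credential, resource):
    """Reception: check identity once, hand back an authorization grant."""
    if not secrets.compare_digest(USERS.get(user, ""), credential):
        raise PermissionError("authentication failed")
    grant = secrets.token_urlsafe(16)
    GRANTS[grant] = resource
    return grant


def issue_token(grant, ttl=3600, now=None):
    """Authorization server: swap the grant for an access token (the keycard)."""
    resource = GRANTS.pop(grant, None)  # pop: a grant can be redeemed only once
    if resource is None:
        raise PermissionError("invalid or already used grant")
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)   # unguessable random value
    TOKENS[token] = (resource, now + ttl)
    return token


def access(token, resource, now=None):
    """The door: it never sees a name, only the token, the resource and the time."""
    now = time.time() if now is None else now
    entry = TOKENS.get(token)
    if entry is None:
        return False                    # unknown or forged card
    allowed_resource, expires_at = entry
    return allowed_resource == resource and now < expires_at


if __name__ == "__main__":
    grant = authorize("guest", "passport-123", "room-101")
    card = issue_token(grant, ttl=60)
    print("own room:", access(card, "room-101"))
    print("other room:", access(card, "room-102"))
```

Because the door checks only the card, anyone holding it gets in, which is why the model keeps the grant single-use and the token short-lived and limited to one resource.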

Take a look at the OktaDev video:

Have a nice workday, guys. If you need further explanation, do not hesitate to contact me or find me on GitHub or LinkedIn.
GitHub :
LinkedIn :
