OAuth 2.0 is the industry-standard protocol for authorization, enabling apps to access user resources securely without sharing passwords. It's what powers "Login with Google/Facebook" and similar flows, giving apps limited, consented access to your data.
Goal: implement OAuth2 security for an application.
Which parties do we need to consider?
· Resource Owner: the user who uses our public client application
· Public Client: the client application; it runs in the user's browser or device and cannot keep a client secret, which is why the flow below uses PKCE (a code challenge and code verifier)
· Resource Server: the server that holds the protected data
· Resources: the protected data
· Authorization Server: the server that authenticates the user and issues access tokens for secured communication
(Figure: sequence diagram of the authorization code flow with PKCE; the numbered steps below follow the diagram.)
(1) User to Client: I want to access my resources.
(2) Client to User: Tell the Authorization Server that you are fine with this action.
(3) (3.1) & (3.2) User to Authorization Server: Hello Authorization Server, please allow the client to access my resources. Here are my credentials to prove my identity, together with the code challenge generated by the client application and the client id.
(4) Authorization Server to Client: Hey Client, the user allowed you to access their resources. Here is the AUTHORIZATION CODE.
(5) Client to Authorization Server: Here are my client id, the code verifier and the AUTHORIZATION CODE. Please provide me a token. (The server hashes the code verifier and compares it with the code challenge from step 3; a mismatch or a reused code is rejected.)
(6) Authorization Server to Client: Here is the token.
(7) Client to Resource Server: Hey Resource Server, I want to access the user's resources. Here is the token from the Authorization Server.
(8) The Resource Server validates the token with the Authorization Server (token introspection).
(9) The Authorization Server validates the token and reports whether it is active.
(10) Resource Server to Client: Hey Client, your token was validated successfully. Here are the resources you requested.
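The ten steps above, carried out end to end in one runnable script. This is an added example, not code from the original post: the client id, redirect URI, endpoint name and the in-memory AuthorizationServer and ResourceServer classes are constructed stand-ins for real servers. The PKCE part (code verifier, S256 code challenge, verifier check at the token endpoint) follows RFC 7636; the introspection call in steps 8 and 9 mirrors the shape of RFC 7662.

```python
import base64
import hashlib
import secrets
import urllib.parse

# Assumed identifiers for the public client (not from the original post).
CLIENT_ID = "my-public-client"
REDIRECT_URI = "myapp://callback"


# ---- Client side (public client, so no client secret exists) ----

def make_code_verifier(nbytes: int = 32) -> str:
    """RFC 7636 code_verifier: 43..128 unreserved chars. 32 random bytes -> 43 base64url chars."""
    return base64.urlsafe_b64encode(secrets.token_bytes(nbytes)).rstrip(b"=").decode("ascii")


def make_code_challenge(verifier: str) -> str:
    """S256 method: BASE64URL(SHA256(ASCII(code_verifier))), no '=' padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorization_url(authz_endpoint: str, scope: str, state: str, challenge: str) -> str:
    """Step 3: the URL the client sends the user to; 'state' is the client's CSRF binding."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return authz_endpoint + "?" + urllib.parse.urlencode(params)


# ---- Authorization server (constructed in-memory stand-in) ----

class AuthorizationServer:
    def __init__(self):
        self._pending = {}  # code -> (client_id, redirect_uri, code_challenge)
        self._tokens = {}   # access_token -> introspection record

    def authorize(self, client_id, redirect_uri, challenge, user_consented):
        """Steps 3/4: after authentication and consent, mint a one-time code bound to the challenge."""
        if not user_consented:
            raise PermissionError("access_denied")
        code = secrets.token_urlsafe(24)
        self._pending[code] = (client_id, redirect_uri, challenge)
        return code

    def token(self, grant_type, code, client_id, redirect_uri, code_verifier):
        """Steps 5/6: exchange code + verifier for an access token. The code is single-use."""
        if grant_type != "authorization_code":
            raise ValueError("unsupported_grant_type")
        entry = self._pending.pop(code, None)  # pop so a replayed code fails
        if entry is None:
            raise ValueError("invalid_grant")
        stored_client, stored_redirect, stored_challenge = entry
        if stored_client != client_id or stored_redirect != redirect_uri:
            raise ValueError("invalid_grant")
        # Constant-time comparison of S256(verifier) against the challenge from step 3.
        if not secrets.compare_digest(make_code_challenge(code_verifier), stored_challenge):
            raise ValueError("invalid_grant")
        access_token = secrets.token_urlsafe(32)
        self._tokens[access_token] = {"active": True, "client_id": client_id, "scope": "read"}
        return {"access_token": access_token, "token_type": "Bearer", "expires_in": 3600}

    def introspect(self, token):
        """Steps 8/9: the resource server asks whether a token is active."""
        return self._tokens.get(token, {"active": False})


# ---- Resource server (constructed in-memory stand-in) ----

class ResourceServer:
    def __init__(self, authz: AuthorizationServer):
        self._authz = authz
        self._data = {"profile": {"name": "Resource Owner"}}  # constructed sample resource

    def get(self, resource, authorization_header):
        """Steps 7/10: validate the bearer token via introspection before returning data."""
        if not authorization_header.startswith("Bearer "):
            return 401, None
        info = self._authz.introspect(authorization_header[len("Bearer "):])
        if not info.get("active"):
            return 401, None
        return 200, self._data.get(resource)


def run_flow(user_consented=True):
    """Whole flow: returns the resource server's (status, body) for the 'profile' resource."""
    authz, rs = AuthorizationServer(), ResourceServer(AuthorizationServer())
    rs = ResourceServer(authz)
    verifier = make_code_verifier()
    code = authz.authorize(CLIENT_ID, REDIRECT_URI, make_code_challenge(verifier), user_consented)
    tok = authz.token("authorization_code", code, CLIENT_ID, REDIRECT_URI, verifier)
    return rs.get("profile", "Bearer " + tok["access_token"])


def replay_is_rejected():
    """Security check: exchanging the same authorization code twice must fail."""
    authz = AuthorizationServer()
    verifier = make_code_verifier()
    code = authz.authorize(CLIENT_ID, REDIRECT_URI, make_code_challenge(verifier), True)
    authz.token("authorization_code", code, CLIENT_ID, REDIRECT_URI, verifier)
    try:
        authz.token("authorization_code", code, CLIENT_ID, REDIRECT_URI, verifier)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(run_flow())  # (200, {'name': 'Resource Owner'})
```

Two details worth noticing: the token endpoint pops the code before checking anything, so a stolen or replayed code is dead after one use, and the verifier is checked by recomputing the S256 challenge rather than by storing the verifier anywhere. An attacker who intercepts the redirect in step 4 gets the code but not the verifier, which is the whole point of PKCE for a public client.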
Milan Karajović
Portfolio: https://milan.karajovic.rs
Follow me on LinkedIn: https://lnkd.in/e3cH854Q