Basics of OAuth, Open Authorization

Ram Potabatti
3 min read · Mar 9, 2021

Hello Developers,

In this tutorial we will go through what exactly OAuth is, and then look at an analogy that makes it much clearer.

Let’s be frank: OAuth stands for Open Authorization. OAuth is a standard for access delegation, commonly used by websites or applications that need to access data held in accounts on other websites without being given any passwords. Put simply, OAuth lets one service access data held by another service without any passwords being shared.

Now let’s look at an example that makes this much clearer.

Imagine a rich guy arrives at a restaurant or hotel in his flashy, expensive car. He hands the car keys to the valet, who parks the vehicle on his behalf.

Now let’s change the situation: suppose the valet intends to do something malicious. He could open the glove box, open the fuel tank, or do other such things. That would be a problem. And as we all know, every problem has a solution. The solution the car owner uses is to hand over a valet key, which has only limited access to the car. A valet key may only allow certain necessary things, such as starting and switching off the car, and cannot open the glove box or the fuel tank. This makes the car owner much more comfortable leaving the car in the hands of the valet.

The same scenario explains OAuth in a much clearer way.

Think of an ABC Photo Printing Service that prints the photos we upload to it, and ourselves as a user who wants to print photos that are stored in XYZ Cloud Services. Look at the following image to picture it:

Here the user wants to share the images stored in XYZ Cloud with the ABC photo printing service so that the photos can be printed. In the usual scenario the user might share a link with the printing service so it can print those photos, but this makes the process clumsy and inconvenient.

If the printing service tried to access the user’s photos stored in the cloud directly, the cloud certainly would not allow it. Imagine it saying: “These are my client’s (the user’s) personal photos, who are you to access them?”

Now let’s look at the same situation when both services implement OAuth. When the printing service tries to access the cloud images, the cloud first asks the user for permission, showing which accesses the printing service is asking for. The user reviews the requested permissions and, if he accepts them, OAuth comes into the picture for real:

A token is generated on the cloud service’s server. This token carries all the rules, permissions, data, secret keys and so on needed for access by that particular printing service. To know more about the token: it is none other than a JWT (JSON Web Token). The token lets the cloud service grant limited access for that particular user.
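The valet-key idea and the token step above, as an added example that is not part of the original post: XYZ Cloud (hypothetical, playing both the server that asks the user for consent and the server that holds the photos) issues "abc-printing" a short-lived token limited to the scopes the user agreed to, and every photo request is checked against that token. Names, scopes and the in-memory stores are assumptions made for the example.

```python
import secrets
import time
from collections import namedtuple

# Constructed example: XYZ Cloud is both the authorization server (issues the token
# after user consent) and the resource server (holds the photos); "abc-printing"
# is the hypothetical third-party client from the post.
AccessToken = namedtuple("AccessToken", "client_id user scopes expires_at")

class XyzCloud:
    def __init__(self):
        self.photos = {"alice": ["beach.jpg", "family.jpg"]}
        self._codes = {}   # one-time authorization code -> (client, user, scopes)
        self._tokens = {}  # opaque access token -> AccessToken

    # Step 1: the user sees the requested permissions and consents (or refuses).
    def authorize(self, client_id, user, requested_scopes, user_consents):
        if not user_consents:
            return None
        code = secrets.token_urlsafe(16)
        self._codes[code] = (client_id, user, frozenset(requested_scopes))
        return code

    # Step 2: the client swaps the code for a short-lived token limited to those scopes.
    def exchange_code(self, client_id, code, ttl=300):
        entry = self._codes.pop(code, None)  # single-use: a replayed code fails
        if entry is None or entry[0] != client_id:
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[token] = AccessToken(client_id, entry[1], entry[2], time.time() + ttl)
        return token

    # Step 3: every resource request is checked for validity, expiry and scope.
    def _check(self, token, required_scope):
        t = self._tokens.get(token)
        if t is None or time.time() > t.expires_at or required_scope not in t.scopes:
            return None
        return t

    def read_photos(self, token):
        t = self._check(token, "photos:read")
        return list(self.photos[t.user]) if t else None

    def delete_photo(self, token, name):
        t = self._check(token, "photos:delete")
        if t is None:
            return False  # the "valet key" was never granted delete rights
        self.photos[t.user].remove(name)
        return True
```

A token granted only `photos:read` can list the photos but not delete them, a replayed authorization code is refused, and an expired token is refused even with the right scope.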

Hence OAuth can be used across many different services to authorize delegated access, which makes the whole process work in a smarter way.

Thank You!
