OAuth Protocol

Let's study the OAuth protocol and learn how it works.

On the Web, the simplest case involves two parties: the client, which can be a web browser, and the server, which can be an application server.

However, some scenarios involve more parties. One of them is when an application needs a user's authorization to retrieve that user's data from a different service. For example, an e-mail application might want to retrieve the e-mail addresses of your friends from a separate social media application in order to add them to your contacts list. OAuth is a protocol that lets this happen securely: the user grants the e-mail application limited access to their data on the social media service without handing over their social media password.

Note: There are multiple versions of this protocol with significant changes, but we will discuss the OAuth 2.0 version in this lesson.

Entities in OAuth protocol

There are four main entities, called roles, in the OAuth 2.0 protocol.

Resource owner

The resource owner is the entity that can grant access to some portion of its data, typically the end user whose data is being requested.

Client

The client is the application that attempts to get access to some of the user’s data, e.g., the e-mail application in the above example.

Resource server

The resource server is the application that contains the user’s data to be accessed, e.g., the social media application in the above example.

Authorization server

The authorization server authenticates the resource owner, presents the interface where the resource owner approves or denies the client's request for access to their data, and issues the credentials (access tokens) that the client then presents to the resource server. In simpler cases, it can be the same server as the resource server, but in more complex deployments it is a separate server, possibly serving several resource servers.
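To make the four roles concrete, here is an added example that is not part of the original lesson: a self-contained simulation of the e-mail application scenario above, carried one step beyond the role definitions into the OAuth 2.0 authorization code grant (the flow RFC 6749 defines for exactly this kind of case). All four roles run in one process and the HTTP transport is left out, so each role is a plain Python class and "redirects" are URL strings. The client ID, secret, redirect URI, scope name, user name and contact list are constructed sample data, not real identifiers. The checks a practitioner cares about are the ones shown in comments: the authorization server only redirects to the registered URI, the client verifies the state parameter on the callback, the authorization code is single-use and bound to the client that requested it, and the resource server checks both token validity and scope before releasing data.

```python
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed sample data (hypothetical names, not a real deployment).
CLIENT_ID = "mail-app"
CLIENT_SECRET = "s3cret-assumed-confidential-client"
REDIRECT_URI = "https://mail.example/callback"


class AuthorizationServer:
    """Authenticates the resource owner, records consent, issues codes and tokens."""

    def __init__(self):
        self.clients = {CLIENT_ID: {"secret": CLIENT_SECRET, "redirect_uri": REDIRECT_URI}}
        self.codes = {}   # authorization code -> grant details
        self.tokens = {}  # access token -> token details

    def authorize(self, client_id, redirect_uri, scope, state, user, approved):
        client = self.clients.get(client_id)
        # Exact-match the registered redirect URI before doing anything else:
        # a code must never be sent to an unregistered location.
        if client is None or client["redirect_uri"] != redirect_uri:
            raise ValueError("unknown client or redirect_uri mismatch")
        if not approved:  # the resource owner clicked "deny" on the consent screen
            return redirect_uri + "?" + urlencode({"error": "access_denied", "state": state})
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "scope": scope, "user": user, "expires": time.time() + 60}
        return redirect_uri + "?" + urlencode({"code": code, "state": state})

    def token(self, client_id, client_secret, code, redirect_uri):
        client = self.clients.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            raise ValueError("invalid_client")
        grant = self.codes.pop(code, None)  # pop makes the code single-use
        if (grant is None or grant["client_id"] != client_id
                or grant["redirect_uri"] != redirect_uri or grant["expires"] < time.time()):
            raise ValueError("invalid_grant")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"scope": grant["scope"], "user": grant["user"],
                              "expires": time.time() + 3600}
        return {"access_token": token, "token_type": "Bearer",
                "expires_in": 3600, "scope": grant["scope"]}

    def introspect(self, token):
        info = self.tokens.get(token)
        return None if info is None or info["expires"] < time.time() else info


class ResourceServer:
    """Holds the user's data and releases it only for a valid token with the right scope."""

    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.contacts = {"alice": ["bob@example.net", "carol@example.net"]}  # constructed data

    def get_contacts(self, authorization_header):
        scheme, _, token = authorization_header.partition(" ")
        info = self.auth_server.introspect(token) if scheme == "Bearer" else None
        if info is None:
            raise PermissionError("invalid_token")
        if "contacts.read" not in info["scope"].split():
            raise PermissionError("insufficient_scope")
        return self.contacts.get(info["user"], [])


class Client:
    """The e-mail application that wants the user's contacts from the social media service."""

    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.pending_state = None

    def start_authorization(self):
        self.pending_state = secrets.token_urlsafe(16)
        return {"client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
                "scope": "contacts.read", "state": self.pending_state}

    def handle_callback(self, redirect_url):
        params = parse_qs(urlparse(redirect_url).query)
        # The state value ties this callback to a request this client actually started.
        if params.get("state", [None])[0] != self.pending_state:
            raise ValueError("state mismatch")
        if "error" in params:
            raise PermissionError(params["error"][0])
        return self.auth_server.token(CLIENT_ID, CLIENT_SECRET, params["code"][0], REDIRECT_URI)


def run_flow(approved=True):
    """Full exchange: consent, code, token, then data from the resource server."""
    auth, client = AuthorizationServer(), None
    resource, client = ResourceServer(auth), Client(auth)
    req = client.start_authorization()
    # Resource owner "alice" sees the consent screen at the authorization server.
    redirect = auth.authorize(req["client_id"], req["redirect_uri"], req["scope"],
                              req["state"], user="alice", approved=approved)
    token = client.handle_callback(redirect)
    return resource.get_contacts("Bearer " + token["access_token"])


def replay_code_is_rejected():
    """Redeeming the same authorization code twice must fail at the token endpoint."""
    auth, client = AuthorizationServer(), None
    client = Client(auth)
    req = client.start_authorization()
    redirect = auth.authorize(req["client_id"], req["redirect_uri"], req["scope"],
                              req["state"], user="alice", approved=True)
    client.handle_callback(redirect)  # first redemption succeeds
    try:
        client.handle_callback(redirect)  # replay of the same code
    except ValueError as exc:
        return str(exc) == "invalid_grant"
    return False
```

Running `run_flow()` walks through one complete exchange and returns alice's contact list; `run_flow(approved=False)` shows the error redirect the client receives when the resource owner denies consent. Note that the resource server never sees the user's social media password: it only sees a bearer token whose scope and lifetime the authorization server controls, which is the point of separating these roles.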
