Overview
This lesson gives you a brief overview of the course.
We'll cover the following
Why this course?
Oauth2 is one of those topics where people have no clue where to start. The purpose of this course is to get you familiar with what Oauth2 is and how it works.
Who should take this course?
Anyone familiar with basic web services can take this course.
What is Oauth2?
Oauth2 is an industry-standard protocol for authorization, which basically means that it checks if you, the user, have access to a resource given your user level.
For example, only editors have access to the edit panel of a post in your app. Oauth2 allows you to verify that a user X is of type OAUTH2_POST_EDITOR. It’s a way of implementing a so-called access control list.
Oauth2 does not do any authentication checks (in its original form) to verify a user’s identity. Therefore, it’s up to you to figure out how to authenticate a user.
For example, with a short enough expiration time of your JWT token, you might ask your users for a password every 5 or 10 minutes. This is what banks do to ensure that it’s still user X who is in front of the keyboard and not someone else.
What problems does Oauth2 try to solve?
Oauth2’s main purpose is to allow third-party applications to log in a user on your app. However, it allows authorization and authentication (through password grant) in contexts where you need to decouple the front-end side from the backend side, embracing the REST architecture.
As it is evident from the above illustration that a client application first gets an authorization grant from the User which is then sent to the Authorization server. The Authorization server returns an access token to the Client Application which is used for getting a protected resource from the Resource server.