OAuth


OAuth 2.0 is an open authorization framework (RFC 6749) that lets one application access a user's data held by another application without the user handing over their password; for example, a user can log in to a single application (e.g. Google, Facebook, Foursquare, Twitter) and share the data held there with other applications. It delegates authorization, not authentication: an access token says what the client may do, not who the user is, so "log in with X" features rely on an identity layer (OpenID Connect or a provider-specific API) on top of OAuth 2.0.
 
OAuth 2.0 is the successor to OAuth 1.0 and is not backward compatible with it.

Principle:

(Diagram) Example of how OAuth 2.0 is used to share data between applications

When a user accesses the game web application, he/she is asked to log in to the game via Facebook. The user logs in to Facebook, approves the permissions (scopes) the game asks for, and is redirected back to the game with an authorization code, which the game's backend exchanges for an access token. The game can now read the user's data in Facebook and call Facebook functions on behalf of the user (e.g. posting status updates), but only within the scopes the user granted and only while the token is valid.

OAuth 2.0 can be used either to build an application that reads user data from another application (the game in the diagram above, acting as the client) or an application that lets other applications access its users' data (Facebook in the example above, which runs the authorization and resource servers described below).

 
OAuth 2.0 Roles

Resource Owner

The resource owner is the person (or system) that owns the protected data and can grant access to it. With reference to the above example, the Facebook user is the resource owner.

Resource Server

The resource server is the server hosting the protected resources. It accepts requests that carry an access token and serves them only if the token is valid and covers the requested scope. Facebook's API servers are the resource server in the above example.

Client Application

The client application is the application requesting access to the resources stored on the resource server. Here, the game application requesting access to the user's Facebook account is the client application. The client is registered with the authorization server and identified by a client_id; a confidential client (one with a server-side backend) also holds a client_secret, which must never be shipped to browsers or mobile apps.

Authorization Server

The authorization server authenticates the resource owner, obtains his/her consent, and issues access tokens to the client application for the resources of the resource owner. The authorization server and the resource server may or may not be the same server; in the example both are operated by Facebook.
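The example flow from the "Principle" section, carried out by the four roles just described, as an added worked example for this page (it is not code from the original post or from Facebook). Everything in it is constructed: the client id "game-app", its secret, the redirect URI https://game.example/cb, the authorization endpoint https://auth.example/authorize, the scope names profile:read and publish_actions, and the user "alice". It shows the checks each role owes the others: the authorization server matches the registered redirect_uri exactly, issues a short-lived single-use code, authenticates the client at the token endpoint, and grants no more scope than the user consented to; the client binds the callback to the browser session with a state value; the resource server serves only a valid bearer token carrying the scope the endpoint needs.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit


def _query(url):
    """Flatten a URL's query string into a single-valued dict."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


class AuthorizationServer:
    """Facebook's AS: authenticates the user, records consent, issues codes and tokens."""
    def __init__(self, registered_clients):
        self.clients = registered_clients  # client_id -> {"secret", "redirect_uri"}
        self._codes, self.tokens = {}, {}  # code -> grant; access token -> {"user", "scope"}

    def authorize(self, request_url, logged_in_user, consented_scope):
        """GET /authorize from the owner's browser; returns the redirect back to the client."""
        q = _query(request_url)
        client = self.clients.get(q.get("client_id"))
        if client is None or q.get("response_type") != "code":
            raise ValueError("unknown client or unsupported response_type")
        # Exact match only: prefix matching lets an attacker receive the code elsewhere.
        if q.get("redirect_uri") != client["redirect_uri"]:
            raise ValueError("redirect_uri mismatch")
        granted = set(q.get("scope", "").split()) & consented_scope  # never more than consented
        code = secrets.token_urlsafe(32)
        self._codes[code] = {"client_id": q["client_id"], "user": logged_in_user, "scope": granted,
                             "redirect_uri": q["redirect_uri"], "expires": time.time() + 60}
        return client["redirect_uri"] + "?" + urlencode({"code": code, "state": q["state"]})

    def token(self, client_id, client_secret, code, redirect_uri):
        """POST /token from the client's backend, never from the browser."""
        client = self.clients.get(client_id)
        if client is None or not hmac.compare_digest(client["secret"], client_secret):
            raise ValueError("client authentication failed")
        grant = self._codes.pop(code, None)  # single use: a replayed code fails here
        if grant is None or grant["expires"] < time.time():
            raise ValueError("invalid or expired code")
        if grant["client_id"] != client_id or grant["redirect_uri"] != redirect_uri:
            raise ValueError("code was not issued to this client/redirect_uri")
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = {"user": grant["user"], "scope": grant["scope"]}
        return {"access_token": access_token, "token_type": "Bearer"}


class ResourceServer:
    """Facebook's API host: serves data only for a valid token whose scope covers the call."""
    def __init__(self, auth_server, user_data):
        self.auth_server, self.user_data = auth_server, user_data

    def get_profile(self, authorization_header):
        scheme, _, token = authorization_header.partition(" ")
        info = self.auth_server.tokens.get(token) if scheme == "Bearer" else None
        if info is None:
            raise PermissionError("401 invalid_token")
        if "profile:read" not in info["scope"]:
            raise PermissionError("403 insufficient_scope")
        return self.user_data[info["user"]]


class GameClient:
    """The game: starts the flow, checks state on return, swaps the code for a token."""
    def __init__(self, client_id, client_secret, redirect_uri, auth_server):
        self.client_id, self.client_secret = client_id, client_secret
        self.redirect_uri, self.auth_server = redirect_uri, auth_server
        self._pending = {}  # browser session -> state it was sent out with

    def login_url(self, browser_session):
        state = secrets.token_urlsafe(16)
        self._pending[browser_session] = state
        return "https://auth.example/authorize?" + urlencode({
            "response_type": "code", "client_id": self.client_id, "state": state,
            "redirect_uri": self.redirect_uri, "scope": "profile:read publish_actions"})

    def callback(self, browser_session, redirect_url):
        q = _query(redirect_url)
        expected = self._pending.pop(browser_session, None)
        if expected is None or not hmac.compare_digest(expected, q.get("state", "")):
            raise ValueError("state mismatch: possible CSRF / code injection")
        return self.auth_server.token(self.client_id, self.client_secret,
                                      q["code"], self.redirect_uri)["access_token"]


def run_flow():
    """One complete login with constructed sample data; returns what each side saw."""
    auth = AuthorizationServer({"game-app": {"secret": "s3cret", "redirect_uri": "https://game.example/cb"}})
    api = ResourceServer(auth, {"alice": {"name": "Alice", "id": "1001"}})
    game = GameClient("game-app", "s3cret", "https://game.example/cb", auth)
    # The browser follows the login URL; Alice logs in and consents to profile:read only.
    redirect = auth.authorize(game.login_url("sess-1"), "alice", {"profile:read"})
    token = game.callback("sess-1", redirect)
    profile = api.get_profile("Bearer " + token)
    try:  # replaying the already-used code must fail at the token endpoint
        auth.token("game-app", "s3cret", _query(redirect)["code"], "https://game.example/cb")
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return {"profile": profile, "scope": sorted(auth.tokens[token]["scope"]),
            "replay_rejected": replay_rejected}
```

Calling run_flow() returns Alice's profile, the granted scope (profile:read only, even though the game asked for publish_actions as well), and confirmation that the spent code was rejected. In a real deployment the three parties are separate HTTPS services, and the resource server validates tokens by token introspection or by verifying a signed JWT rather than by reading the authorization server's dictionary. A public client (a mobile or single-page app) cannot keep a client_secret and would use PKCE (RFC 7636) in place of the secret-based client authentication shown here.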
