Understand what OAuth is...
What is OAuth?
OAuth is an open standard authorization protocol. It enables your account information to be obtained by third-party services.
Without exposing user credentials, OAuth provides an access token and a refresh token for third-party services. The Access Token can be used to retrieve resources from the resource server and it is short-lived. The Refresh Token can be used to get a new Access Token when needed and it is long-lived.
OAuth has many different workflows like Authorization Code flow, Client Credentials flow (Machine to Machine), Resource Owner Password flow and etc.
Today, we are going to discuss the Authorization Code flow:
User clicks Login with Google (let’s say we are using Google for OAuth) on your website
Your website will be redirected to Google Authorization Page
User clicks Authorize button on the page and grants the permission to you
Google returns an authorization code to your website
Your website now can exchange tokens with Google by using the Client ID, Client Secret, and Authorization Code
Google will validate the Client ID, Client Secret, and Authorization Code
If everything goes well, Google will return an AccessToken and a RefreshToken to your website
Now, you can use the AccessToken to request resources from Google’s services and refresh your AccessToken by using RefreshToken if needed
Last time, we discussed the JWT token and JWT use case. Authorization and Authentication is one of the use cases. JWT can be used as AccessToken on the OAuth use case.
Understand more about JWT: What is JWT?
Thanks for reading Awesome Software Engineer! Subscribe for free to receive new posts and support my work.