Servage Magazine


Learn about OAUTH

Thursday, July 20th, 2017 by Servage

OAuth is an authorization standard used by websites, APIs, web applications built with React or AngularJS, and more. It is often used to let one website access a user’s information held on another website. OAuth can be used for various types of authorization, so let’s see how it works in more detail.

Why OAuth?

As mentioned previously, OAuth gives a website access to a user’s profile information on another website. When you sign up on a website, you have likely seen the option to sign up using your Google, Facebook or other account. In these cases, the signup process is handled by OAuth, and your personal information, such as your name and email address, is sent from Google or Facebook to the website you are signing up on.

The benefit of signing up, and also signing in, this way is that you don’t have to create or hand over a new password on the website. It is also easier and faster to sign up through, for example, Google than to create a new account and verify its email address.

How Does It Work?

Before we get into the details of how OAuth works, it should be noted that there are two versions of OAuth: 1 and 2. The implementations of these two differ quite a bit, and in this article we will focus on OAuth 2. The OAuth 2 standard can be used in multiple ways. The scenario of signing up is quite common, so we will cover it in this article.

Let’s imagine we are working on a website that uses OAuth 2 to allow users to sign up using their Google account. The first thing we should do is register our website with Google as a way to sign up. These registrations are sometimes called apps. To register a new app, we have to store some information about it, such as a name, a logo and a login URL. The URL will be used to redirect the user to Google for authorization.

When we do this, we receive a client ID and a client secret from Google’s authorization server. The client ID is used to create login URLs and is therefore public. The client secret, however, must be kept confidential.

When this is done, we are ready to let users sign up using their Google accounts. We can now create a “Sign up using your Google account” button that will redirect to the login URL we stored when we created the app. The login URL contains the client ID and a URL where the user will be redirected after authorization.

Next, Google will ask the user if they want to provide some information to our website. If the user allows this, they will be redirected back to our website with an authorization code. The last step is to exchange this authorization code for an access token. This is done by sending a POST request to Google’s authorization server. In response, we receive an access token that our application can use on the user’s behalf.
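The three steps above (login URL, redirect back with a code, code-for-token exchange) are sketched below as an added example that is not part of the original article. The client ID, client secret and redirect URL are constructed placeholders, and the `state` parameter is an addition from the OAuth 2 specification that the article does not mention: it ties the callback to the browser session that started the login. The code only builds and validates the messages; it sends no network request.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholder values; real ones are issued when the app is registered.
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"  # server-side only, never placed in a URL or page
REDIRECT_URI = "https://www.example.com/oauth/callback"
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"


def build_login_url(session):
    """Step 1: URL behind the sign-up button; stores a one-time state in the session."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid email profile",
        "state": session["oauth_state"],
    }
    return AUTH_ENDPOINT + "?" + urlencode(params)


def handle_callback(callback_url, session):
    """Step 2: validate the redirect back to our site and return the authorization code."""
    query = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # one-time use: a replayed callback fails
    received = query.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback is not tied to this session")
    if "error" in query:
        raise ValueError("authorization denied: " + query["error"][0])
    if "code" not in query:
        raise ValueError("callback carries no authorization code")
    return query["code"][0]


def build_token_request(code):
    """Step 3: endpoint and form body for the server-to-server POST."""
    return TOKEN_ENDPOINT, {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "redirect_uri": REDIRECT_URI,
    }
```

The client secret appears only in the token request, which the web server sends directly to the authorization server, so it never passes through the user's browser.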

Since OAuth 2 is a rather big and advanced topic, this is by no means a complete walkthrough of setting up OAuth 2 authorization on a website. However, it should have given you an idea of how the standard works and given you a good starting point if you want to implement it on your website.
