Have a nice weekend! I will write about the OAuth protocol. What is OAuth and how does it work? What are the protocols based on OAuth 2.0?
What is the OAuth Protocol?
Open Authorization (OAuth) is the protocol that handles the authorization process between applications. It works not only on websites but also in desktop and mobile apps. The OAuth protocol carries an "access token" (a data set with a session ID and user settings). When you want to register with, or log in to, another application, your information is shared securely with the third-party application.
How does OAuth work?
Let's say you want to sign up for, or log in to, a website using your Google account.
https://developers.google.com/identity/protocols/oauth2?csw=1
Click on "Sign in with Google"
Authorization
The site asks you for authorization to use the information registered with the OAuth provider.
Authorization Grant
When you approve it, "medium.com" is granted authorization.
Access Token Claim
With your permission, "medium.com" requests an "access token" from the Resource Server, and the access token is issued by the server to the client once its validity has been verified. This is an example of a successful attempt:
Code:
HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache
{
"access_token":"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3",
"token_type":"bearer",
"expires_in":3600,
"refresh_token":"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk",
"scope":"create"
}
What if the request fails?
In such cases an error response is returned to us. It is carried under the keys "error" and "error_description":
invalid_request: The request is missing a required parameter, includes an invalid parameter value, or is otherwise malformed.
invalid_client: The submitted request is invalid.
invalid_grant: If the authorization code is invalid or expired, this is the message that will be returned to you.
unauthorized_client: The client is not authorized to request an authorization code using this method.
Generally they are returned with HTTP 400.
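To make the token step and the error handling above concrete, here is an added example that is not part of the original post: a small client-side helper that builds the authorization request (with a random state value to bind the redirect to the browser session), then parses the token endpoint's reply, distinguishing the 200 success shape shown above from the 400 error shape, checking that the token is a bearer token and that the server asked for it not to be cached, and turning expires_in into an absolute expiry time. The endpoint URL, client_id and redirect_uri are assumed placeholder values; the success body reuses the post's sample JSON and the error body is constructed here.

```python
import json
import secrets
import time
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlencode

# Error codes listed in the post (RFC 6749 section 5.2). Used to supply a
# fallback description when the server omits error_description.
KNOWN_ERRORS = {
    "invalid_request": "missing, invalid or malformed parameter",
    "invalid_client": "client authentication failed",
    "invalid_grant": "authorization code invalid or expired",
    "unauthorized_client": "client may not use this grant type",
}

# Constructed sample responses (the success body is the post's own example).
SUCCESS_HEADERS = {"Content-Type": "application/json",
                   "Cache-Control": "no-store", "Pragma": "no-cache"}
SUCCESS_BODY = """{
 "access_token":"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3",
 "token_type":"bearer",
 "expires_in":3600,
 "refresh_token":"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk",
 "scope":"create"
}"""
ERROR_BODY = '{"error":"invalid_grant","error_description":"code expired"}'


@dataclass
class TokenResult:
    ok: bool
    access_token: Optional[str] = None
    token_type: Optional[str] = None
    expires_at: Optional[float] = None   # absolute epoch seconds, or None
    refresh_token: Optional[str] = None
    scope: Optional[str] = None
    error: Optional[str] = None
    error_description: Optional[str] = None


def build_authorization_url(auth_endpoint: str, client_id: str,
                            redirect_uri: str, scope: str):
    """Step 1 of the flow: the URL behind 'Sign in with ...'.

    Returns (url, state). The caller stores state in the user's session and
    compares it with the state echoed back on the redirect, so a redirect
    that was not started by this session is rejected.
    """
    state = secrets.token_urlsafe(32)
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": scope, "state": state}
    return f"{auth_endpoint}?{urlencode(params)}", state


def parse_token_response(status: int, headers: dict, body: str,
                         now: Optional[float] = None) -> TokenResult:
    """Step 3 of the flow: interpret the token endpoint's reply."""
    now = time.time() if now is None else now
    data = json.loads(body)

    if status == 200:
        for key in ("access_token", "token_type"):
            if key not in data:
                raise ValueError(f"success response missing {key}")
        if data["token_type"].lower() != "bearer":
            raise ValueError(f"unexpected token_type {data['token_type']!r}")
        # A token response must not be cached by intermediaries; treat a
        # missing no-store directive as a misconfigured server.
        if "no-store" not in headers.get("Cache-Control", "").lower():
            raise ValueError("token response is cacheable (no Cache-Control: no-store)")
        expires_at = None
        if "expires_in" in data:
            expires_at = now + int(data["expires_in"])
        return TokenResult(ok=True, access_token=data["access_token"],
                           token_type=data["token_type"], expires_at=expires_at,
                           refresh_token=data.get("refresh_token"),
                           scope=data.get("scope"))

    if status == 400 and "error" in data:
        err = data["error"]
        desc = data.get("error_description") or KNOWN_ERRORS.get(err, "unknown error")
        return TokenResult(ok=False, error=err, error_description=desc)

    raise ValueError(f"unexpected token endpoint reply: HTTP {status}")


def token_is_fresh(result: TokenResult, now: Optional[float] = None) -> bool:
    """True while the access token has not yet reached expires_at."""
    now = time.time() if now is None else now
    return result.ok and (result.expires_at is None or now < result.expires_at)


if __name__ == "__main__":
    url, state = build_authorization_url("https://auth.example/authorize",
                                         "client-id-placeholder",
                                         "https://app.example/callback", "create")
    print("authorize at:", url)
    print(parse_token_response(200, SUCCESS_HEADERS, SUCCESS_BODY))
    print(parse_token_response(400, SUCCESS_HEADERS, ERROR_BODY))
```

The success branch deliberately fails closed on a non-bearer token_type or a cacheable response rather than using the token anyway; an unknown error code is still reported as a failure, since RFC 6749 allows servers to define extension codes beyond the four listed above.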
The protocols based on OAuth 2.0:
OpenID Connect
UMA 2.0
IndieAuth
OpenID Connect
OpenID Connect is an authentication layer on top of OAuth 2.0, an authorization framework. The standard is controlled by the OpenID Foundation.
https://youtu.be/Kb56GzQ2pSk
UMA 2.0
UMA is an OAuth-based access management protocol standard. Version 1.0 of the standard was approved by the Kantara Initiative on March 23, 2015. The purpose of the protocol specifications is to enable a resource owner to control the authorization of data sharing and other protected-resource access made between online services on the owner's behalf, or with the owner's authorization, by an autonomous requesting party.
IndieAuth
IndieAuth is a standard decentralized authentication protocol that uses OAuth 2.0 and enables services to verify the identity of a user represented by a URL as well as to obtain an access token that can be used to access resources under the control of the user.
By the way, take a look at this: https://oauth.net/code/
source: https://www.turkhackteam.org/web-server-guvenligi/1903464-nedir-bu-oauth-protokolu-creative.html
Translator: dRose98