03. Understanding OAuth 2.0: Flows, Standards, and Security Best Practices

-

 

Understanding OAuth 2.0: Flows, Standards, and Security Best Practices


Core OAuth 2.0 Specification

This RFC describes the base OAuth 2.0 protocol and includes: https://datatracker.ietf.org/doc/html/rfc6749

 

Authorization Grant

An authorization grant is a credential representing the resource owner's authorization (to access its protected resources) used by the client to obtain an access token.  This specification defines four grant types

authorization code, implicit, resource owner password, credentials, and client credentials as well as an extensibility mechanism for defining additional types.

 

1. Authorization Flows (Grant Types) 

These define how a client gets an access token:

  •  Authorization Code Grant (most secure, used with server-side apps)
  •  Implicit Grant (now discouraged, used with SPAs)
  •  Resource Owner Password Credentials Grant (discouraged)
  •  Client Credentials Grant (machine-to-machine)

 

 2. Roles 

  •  Resource Owner (the user)
  •  Client (your app)
  •  Authorization Server (e.g., Google, Cognito)
  •  Resource Server (API/resource your app accesses)

 

 3. Token Types 

  •  Access Token (used to access protected resources)
  •  Refresh Token (used to get a new access token)

 

01. Authorization Code Grant (most secure, used with server-side apps)

  1. User clicks "Login with Google" on your app.
  2. Browser is redirected to Google login screen.
  3. User logs in → Google sends an authorization code to your app.
  4. Your app sends that code to Google to get an access token.
  5. Your app now uses the access token to call Google APIs.

 

 


 

02. Implicit Grant (now discouraged, used with SPAs)

The implicit grant is a simplified authorization code flow optimized for clients implemented in a browser using a scripting language such as JavaScript.  In the implicit flow, instead of issuing the client an authorization code, the client is issued an access token directly.

  


 

03. Resource Owner Password Credentials Grant (discouraged)

  1. User enters username and password in your app.
  2. App sends those credentials to the auth server.
  3. If correct, it returns an access token.

  


 04. Client Credentials Grant (machine-to-machine)

  1. App authenticates itself with client ID and secret.
  2.  Sends a request to the auth server.
  3. Gets an access token.
  4. Uses the token to call a protected API.



Comments

Post a Comment

Popular posts from this blog

Database - Topics

-
Image
 Topics  01. Steps in SQL Query Execution 02. How does the database create a query plan 03. How Query Plan Caching Works 04. What is the need for an execution plan? 05. How Do Query/ Query Plan Execute (Inside MySQL Server) 06. Importance Of Undo Log 07. How Row Lock Is Handle When Query On The Table Row 08. Technique to recover the committed changes 09. Auditing technique 10. Query cache 11. DB connection pool 12. What is ACID? 13. Optimizing SQL queries
Read more

02. Spring – Creating spring project clone it with GIT step by step.

-
Image
  Creating spring project clone it with GIT step by step. 01. Create an empty GIT repository and select a repository name. 02.   Check to add README.md and technology to add it inside the gitignire file0- it will include all the generated class when we complete the application. 03.      Copy the github repository URL. 04 . Open eclipse and go to,             Window – Show View – Other - Type git on the folder and select git repositories. 05.   Now clone this repository at your desired location in which we are going to keep the project specific file . a)         a)  Step One.             b)  Step  Two .          c)    Step Three. Both projects are generated as bellows           d) Step Four  Open the gitingnore file and ignore the target folder of the project. All the class files which are ...
Read more

01. Steps in SQL Query Execution (MySQL)

-
Image
Steps in SQL Query Execution (MySQL) 1. Client Sends Query to Server The SQL statement is sent to the MySQL server over a connection (e.g., via JDBC or a query tool like MySQL Workbench). 2. Parser / Syntax Check The parser checks the SQL syntax.If there are any syntax errors, it throws an error immediately. 3. Pre-processor Verifies privileges and permissions for the user executing the query. Resolves object names (like table or column aliases). 4. Query Optimization The optimizer evaluates multiple strategies to execute the query. It considers: Which indexes to use. Join order (for multi-table queries). Whether to use temporary tables. Cost of different execution paths. The optimizer chooses select the most efficient query plan (Cost effective -> memory, CPU etc). 5. Query Execution Plan (Most cost effective query plan) The query plan is a blueprint of how MySQL will fetch the data. You can view this with the EXPLAIN keyword in front of your query. 6. Query Execution The storage e...
Read more