ПІДТРИМАЙ УКРАЇНУ ПІДТРИМАТИ АРМІЮ
Uk Uk

Open Authorization 2.0 (OAuth2.0) - Authorization Code Grant

Open Authorization 2.0 (OAuth2.0) - Authorization Code Grant

Open Authorization 2.0 is the authorization framework that enables third-party applications to obtain limited access to an HTTP Service

Let's Consider there is an image generator-based application that generates images based on text input and finally it should be saved in some storage provider ex Google Drive . but the image generator application can't access the drive to store the image, it's not safe to provide a username and password to any third-party applications like the one above. OAuth 2.0 helps in solving the above problem.

Open Authorization 2.0 is the authorization framework that enables third-party applications to obtain limited access to an HTTP Service.

it may be on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its behalf.

Grant types in OAuth 2.0

  • Authorization Code Grant
  • Client Credentials Grant
  • Implicit Grant
  • Resource Owner Password Grant
  • Device Authorization Grant

Now, we will discuss the most famous Grant type Authorization code Grant flow

taking the above example will explain each step involved in the Authorization code grant type

First of all, for third-party (Client) applications to make use of OAuth, they need to be registered with the Authorization Server and get the client ID and secret.

  1. First, the user (Resource Owner) accesses the third-party application (Client) in our example its image generator, which will generate images based on his input. now he wants to save it to some storage say Google Storage.

    Image description
  2. now the application redirects in the browser with the client ID, redirect URI, response types ex code , and scopes.

    Image description
  3. once the authorization server/resource server gets the request authorization server will prompt for user login if there is no active session for logging in to the authorization resource/server in our case, the Google Authorization Server.

    Image description
  4. once the user logs in, the authorization server presents a consent form based on scopes requested by the client, for example writing blob to storage, reading blobs, etc.

    Image description
  5. once the scopes are granted by the resource owner, the authorization server will redirect back to the client using the redirect uri sent by the client during the initial request with the authorization code.

    Image description
  6. once the client gets the authorization code it sends the client ID and secret along with the authorization code.

    Image description
  7. once the authorization server gets client credentials along with the authorization code it responds with the access token.

    Image description

now the client will use that access token with limited privileges based on scopes It is able to access resources/execute a particular task, in our case saving the image as a blob to Google storage/Drive using google API.

Ресурс : dev.to


Scroll to Top