OAuth

What is OAuth?

OAuth is an open standard for authorization. It grants secure designated access to client applications on behalf of specific resource owners.

It even permits end users to grant third party applications limited access to their server resources without having to share their credentials with the third party application. 

As an example, you could use OAuth to let Canva.com access your Facebook profile without giving Canva.com your Facebook password. Now if Canva suffers a data breach, your Facebook password cannot be stolen by anyone with malicious intent.

OAuth is not an authentication protocol; it is an authorization protocol. It is used to allow an application to do something, not to prove that you are the resource owner.

OAuth can be compared with a valet key for a luxury car. Unlike your regular key, the valet key imposes certain restrictions upon the way your valet driver uses your car. For example, it will only let the valet drive the car for a couple of miles, will not allow the valet to open the trunk, etc.

Similarly, OAuth allows you to give an application limited access to your resources.


How does OAuth work?

There are three parties involved in an OAuth transaction: the user (you), the service provider (Google, Facebook, etc.), and the consumer (the third party application).

This is how OAuth works:

First, the user displays intent towards the consumer. Then the consumer seeks permission from the service provider and receives a token & secret. When the consumer uses the secret, the service provider can validate that the request is truly coming from the consumer application.

After that, the consumer redirects the user to the service provider for authorization. When the user reaches the service provider, the service provider shows the user which permissions the consumer is requesting. 

When the user authorizes the token, the service provider gives the consumer an access token and secret. The consumer is now able to access the protected resource.
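The steps above say the service provider can validate that a request truly comes from the consumer because the consumer uses its secret. The following is an added example, not part of the original page, showing that check for OAuth 1.0 under the assumption that the HMAC-SHA1 signature method from RFC 5849 is in use; the URL, keys, secrets and function names are constructed for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import quote

# Constructed sample values (not real credentials or endpoints).
URL = "https://provider.example/photos"
CONSUMER_SECRET = "consumer-secret-demo"
TOKEN_SECRET = "token-secret-demo"
PARAMS = {
    "oauth_consumer_key": "consumer-key-demo",
    "oauth_token": "access-token-demo",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1602633600",
    "oauth_nonce": "n-7f3a9c",
    "oauth_version": "1.0",
    "file": "a b.jpg",
}

def pct(value):
    # RFC 5849 percent-encoding: only unreserved characters stay unescaped.
    return quote(value, safe="-._~")

def signature_base_string(method, url, params):
    # Encode each name and value, sort, join, then encode the result again.
    # (A dict cannot hold repeated parameter names; enough for this example.)
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # HMAC key = consumer secret & token secret. The token secret is empty
    # until the provider has issued a token to the consumer.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()

def provider_verify(method, url, params, signature, consumer_secret, token_secret=""):
    # The provider recomputes the signature from its own copy of the secrets
    # and compares in constant time; the secrets themselves never travel.
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)

def demo():
    sig = sign("GET", URL, PARAMS, CONSUMER_SECRET, TOKEN_SECRET)
    tampered = dict(PARAMS, file="private.jpg")  # parameter changed after signing
    check = lambda p, cs: provider_verify("GET", URL, p, sig, cs, TOKEN_SECRET)
    return {"genuine": check(PARAMS, CONSUMER_SECRET),
            "tampered": check(tampered, CONSUMER_SECRET),
            "wrong_secret": check(PARAMS, "other-app-secret")}

if __name__ == "__main__":
    print(demo())
```

A request whose parameters were altered after signing, or that was signed with a different consumer secret, fails verification, which is how the provider ties each request to one consumer and one token.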



OAuth 1.0 vs OAuth 2.0

OAuth 2.0 is much faster than OAuth 1.0. While OAuth 1.0 only had three flows, OAuth 2.0 supports six flows and enables signed secrets over HTTPS.


The benefits of OAuth 2.0

The main advantage of OAuth is that it gives the consumer access to the resources without sharing the user’s actual credentials. Here are some of the other benefits of OAuth:

  • It allows users to control their data more effectively. With OAuth 2.0, users can choose which functionalities they want to grant applications access to.
  • With tokenization, it gives consumers limited access to the users’ data.
  • Tokens can be revoked in case of suspicious activity.
  • It uses SSL to ensure that data remains private between web servers and browsers.

October 14, 2020
