OAuth2 simplified

Post on 15-Jul-2015


Transcript of OAuth2 simplified

OAuth 2.0

Simplified

Presented By Vanjikumaran

The images in these slides are taken from the internet, and the base concept is taken from [1].

[1] https://www.tbray.org/ongoing/When/201x/2013/05/24/Access-Token-Hotel-Key

On the way to Vacation!

And they found the HOTEL

HOTEL has RESOURCES

Security!!

Security!!!!!!!

Security!!!!!!!!!!!!!!!!!!!!!!!

Formal Request to HOTEL

VANJI’s Identity Card

HOTEL TOKEN

Finally Vanji got Access 2 * @ HOTEL

VANJI has access to RESOURCES

VANJI has access to room

Bird's-eye view idea!

OAuth 2 Access Token

● An OAuth 2 access token is like a hotel-room key card. It gives access, all by itself without further checking, to a particular resource!

● It’s issued to a particular person, who has to be authenticated first (like by showing my driver’s license at the check-in.)

OAuth 2 Access Token

● Nothing on the outside tells you who it’s been issued to or what it’s for!

But!! Two of his friends are next to him!

TOM borrowed the HOTEL CARD

TOM has access to RESOURCES

TOM has access to VANJI’s room

OAuth 2 Access Token

● It’s not encrypted, so you have to take care of it (if a bad guy got it and knew what it was for, he could get into my hotel room and rob me blind.) Check.

● You can give it to someone else and have them access the resource for you!

REVOKE HOTEL TOKEN!!!!!!!

OAuth 2 Access Token

● If you lose it, you can go back to the issuer and get another one which is functionally identical.

● It expires after a while.
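The key-card analogy above, carried through as runnable code. This is an added example and not part of the original slides or of any OAuth library: a toy authorization server that issues opaque bearer tokens and a toy resource server (the "hotel") that accepts an RFC 6750 style `Authorization: Bearer <token>` header. All names (AuthorizationServer, ResourceServer, run_scenario, the subjects "vanji"/"tom", the scopes "room-101"/"gym") are hypothetical, and the token store is an in-memory dict constructed for the demo. The scenario shows each slide point: the token alone opens the room, the outside of the token reveals nothing, a borrowed token works for Tom exactly as for Vanji, revocation stops it, a re-issued token is functionally identical but different, and the token stops working at expiry.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Optional


@dataclass
class TokenRecord:
    """What the issuer remembers about a token; none of it is visible in the token string."""
    subject: str               # who it was issued to (authenticated at "check-in")
    scope: FrozenSet[str]      # which resources (rooms, gym, ...) it opens
    expires_at: float          # absolute time after which it is dead
    revoked: bool = False


class AuthorizationServer:
    """Hypothetical issuer: hands out, revokes and looks up opaque bearer tokens."""

    def __init__(self, ttl_seconds: float = 3600) -> None:
        self.ttl = ttl_seconds
        self._tokens: Dict[str, TokenRecord] = {}

    def issue(self, subject: str, scope: Iterable[str], now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        # A random string: nothing on the outside says who it belongs to or what it is for.
        token = secrets.token_urlsafe(32)
        self._tokens[token] = TokenRecord(subject, frozenset(scope), now + self.ttl)
        return token

    def revoke(self, token: str) -> None:
        rec = self._tokens.get(token)
        if rec is not None:
            rec.revoked = True

    def lookup(self, token: str, now: Optional[float] = None) -> Optional[TokenRecord]:
        """Return the record only while the token is known, unrevoked and unexpired."""
        now = time.time() if now is None else now
        rec = self._tokens.get(token)
        if rec is None or rec.revoked or now >= rec.expires_at:
            return None
        return rec


class ResourceServer:
    """Hypothetical hotel door: decides on the token alone, never on who is holding it."""

    def __init__(self, auth: AuthorizationServer) -> None:
        self.auth = auth

    def access(self, authorization_header: str, resource: str, now: Optional[float] = None) -> bool:
        # RFC 6750 header shape: "Bearer <token>"; anything else is rejected.
        scheme, _, token = authorization_header.strip().partition(" ")
        if scheme.lower() != "bearer" or not token.strip():
            return False
        rec = self.auth.lookup(token.strip(), now)
        return rec is not None and resource in rec.scope


def run_scenario() -> Dict[str, bool]:
    """Walk through the slides with fixed timestamps so the result is deterministic."""
    t0 = 1_000_000.0
    auth = AuthorizationServer(ttl_seconds=3600)
    hotel = ResourceServer(auth)
    out: Dict[str, bool] = {}

    # Vanji authenticates at check-in and gets a key card for his room and the gym.
    card = auth.issue("vanji", {"room-101", "gym"}, now=t0)
    out["vanji_opens_room"] = hotel.access(f"Bearer {card}", "room-101", now=t0 + 10)
    out["vanji_opens_other_room"] = hotel.access(f"Bearer {card}", "room-202", now=t0 + 10)

    # Tom borrows the card: the door cannot tell the difference (bearer semantics).
    out["tom_opens_room_with_borrowed_card"] = hotel.access(f"Bearer {card}", "room-101", now=t0 + 20)

    # Vanji reports it and the hotel revokes the card; Tom's copy is now useless.
    auth.revoke(card)
    out["tom_after_revoke"] = hotel.access(f"Bearer {card}", "room-101", now=t0 + 30)

    # Vanji gets a replacement: a different string, functionally identical.
    new_card = auth.issue("vanji", {"room-101", "gym"}, now=t0 + 40)
    out["new_card_differs"] = new_card != card
    out["vanji_opens_room_with_new_card"] = hotel.access(f"Bearer {new_card}", "room-101", now=t0 + 50)

    # It expires after a while (ttl reached) and a wrong scheme is never accepted.
    out["new_card_after_expiry"] = hotel.access(f"Bearer {new_card}", "room-101", now=t0 + 40 + 3600)
    out["malformed_header"] = hotel.access(f"Basic {new_card}", "room-101", now=t0 + 50)
    return out


if __name__ == "__main__":
    for step, ok in run_scenario().items():
        print(f"{step}: {'allowed' if ok else 'denied'}")
```

The point the code makes is the one the slides make: the resource server never asks who is holding the token, so the only defences are keeping it secret, keeping it short-lived, and being able to revoke it at the issuer. Real deployments send the token only over TLS and bind it to the client where possible, but the door logic itself is no smarter than this.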

READ MORE on OAuth 2.0

● http://oauth.net/2/

● http://tools.ietf.org/html/rfc6749