OAuth 2.0 Tutorial


OAuth 2.0 is an open authorization protocol which enables applications to access each other's data. For instance, a game application can access a user's data in the Facebook application, or a location-based application can access the user data of the Foursquare application.

Here is a diagram illustrating the concept:

Example of how OAuth 2.0 is used to share data via applications.

The user accesses the game web application. The game web application asks the user to log in to the game via Facebook. The user logs into Facebook, and is sent back to the game. The game can now access the user's data in Facebook, and call functions in Facebook on behalf of the user (e.g. posting status updates).


OAuth 2.0 Use Cases

OAuth 2.0 can be used either to create an application that can read user data from another application (e.g. the game in the diagram above), or an application that enables other applications to access its user data (e.g. Facebook in the example above).

OAuth 2.0 is a replacement for OAuth 1.0, which was more complicated. OAuth 1.0 involved certificates etc. OAuth 2.0 is simpler. It requires no certificates at all, just SSL / TLS.


OAuth 2.0 Specification

The purpose of this tutorial is to provide an overview of the OAuth 2.0 protocol that is easy to understand. It does not aim to describe every detail of the specification.

If you plan to implement OAuth 2.0 you will most likely need to visit the specification to study it in full detail. You can find the specification here:

http://tools.ietf.org/html/draft-ietf-oauth-v2-23


Table of Contents

Here is a list of the topics covered in this OAuth 2.0 trail. This list (menu) is also present at the top left of every page in the trail.

OAuth 2.0 Tutorial
OAuth 2.0 Introduction
OAuth 2.0 Overview
OAuth 2.0 Roles
OAuth 2.0 Client Types
OAuth 2.0 Authorization
OAuth 2.0 Endpoints
OAuth 2.0 Requests and Responses
   Authorization Code Grant
   Implicit Grant
   Resource Owner Credentials
   Client Credentials
 

Feel Free to Contact Me

If you disagree with anything I write here about the OAuth 2.0 tutorial, or just have comments, questions, etc, feel free to send me an email. You wouldn't be the first to do so. You can find my email address on the about page.
