What is OAuth

Bharath Thippireddy
A free video tutorial from Bharath Thippireddy
IT Architect and Best Selling Instructor - 300,000+ students
4.4 instructor rating • 25 courses • 322,991 students

Learn more from the full course

Java Web Services

Learn how to design, create, consume and secure SOAP and REST web services from scratch in easy steps.

13:21:44 of on-demand video • Updated June 2020

  • Understand why web services are so popular
  • Understand the different types of WS Design
  • Use Apache CXF the Popular WS Stack
  • Implement Contract First and Code First Web Services
  • Develop a Web Service Consumer
  • Secure Web Services using the WS-Security Standard
  • Implement SOAP Attachments
  • Master the REST web service concepts and Implementation
  • Create different types of REST Clients
  • Secure Rest Services
  • Handle Errors In REST
  • Develop Asynchronous Web Services
  • Jersey REST Quick Start
  • Spring MVC REST Quick Start
  • Learn all the important web services interview Questions and Answers
  • All in short simple and easy steps
  • Use REST Attachments
From this three-part series you will master the concepts of the OAuth standard. The first lecture introduces what OAuth is. The second deals with why and when to use OAuth in a little more detail. In the final installment you will see the entire OAuth workflow and the various roles defined in the standard.

When we access a secured web application, it first verifies our identity by logging us in, and then it ensures that we have access only to the data or functionality in the application which we are authorized for. So the basic requirements are identity and permissions, or authentication and authorization. REST applications are lightweight, but they are no exception to this kind of access control.

OAuth is an open standard which allows an application to gain access to a user's data held by another application without ever learning the user's user ID and password for that second application. Strictly speaking, OAuth 2.0 (RFC 6749) is an authorization framework; the "log in with Google" style of authentication that is usually described alongside it is provided by OpenID Connect, an identity layer built on top of OAuth 2.0. Here the user is using application A, and application A wants some data which application B holds for that user. Instead of the user sharing his application B user ID and password with A, application A, through OAuth, redirects the user to application B, where he logs in and approves the request. From that point on, application B issues a security token to application A; the two communicate using that token, and application A gets from application B only the data the user allowed it to access. This whole workflow of logging in, approving and getting authorized is what the OAuth standard covers.

Let's take an example. Let's say you are watching technical videos or reading articles on a popular website like bharaththippireddy.com or JavaWorld.com, and you want to voice your opinion on an article in its comments section.
To do this, JavaWorld wants you, as the end user, to authenticate first by logging in. Instead of making you register on JavaWorld, JavaWorld uses the login service provided by Google, because most of us already have a Google account. It redirects you to a Google login page, where you log in, and from that point JavaWorld and Google communicate to confirm that you really are a Google user. This process of one application relying on another application to log in or authenticate a user is called federated authentication. In practice it is done with OpenID Connect, which adds an identity token on top of the OAuth 2.0 flow; OAuth on its own only tells the application what it may access, not who the user is.

The second important term is delegated authorization. Let's say you have used a website that lets you file your income tax return online and, at the end of it, produces a bunch of tax return documents which it offers to save to your Google Drive. Instead of sharing your Google username and password with the tax website, you are redirected by the tax website, using OAuth, to the Google login page. You enter your Google username and password there, on Google's own page, and approve the specific access the tax website asked for. From that point the tax website can access your Google Drive through the security token Google issued to it, and it can access only your Google Drive, not your Gmail or anything else in your Google account: the token carries only the scopes you consented to. This is called delegated authorization because you, the end user, are delegating a limited part of your own authority to another application.

OAuth is the standard that defines the rules so that any application can take part in this flow to do federated authentication and delegated authorization. That is, a user grants an application access to perform actions on the user's behalf, and the application can perform only those actions which you, the user, authorized it to do. The current version of OAuth, if you google for it, is OAuth 2.
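The exchange described above (the user approving access at application B, B issuing a token to application A, and that token opening only Google Drive and not Gmail) as runnable code. This is an added example, not code from the course: a toy AuthorizationServer class stands in for Google, a Client class for the tax website, and CLIENT_ID, REDIRECT_URI, AUTHORIZE_URL, the user "alice" and the scope names "drive.file" / "mail.read" are made up for illustration. It follows the OAuth 2.0 authorization code grant and includes two protections the lecture does not mention but every production client should use: a state value that binds the callback to the browser session, and PKCE (RFC 7636), which binds the authorization code to the client that started the flow.

```python
# Offline model of the OAuth 2.0 authorization code grant with PKCE. Added example, not
# course code. AuthorizationServer stands in for Google (application B), Client for the tax
# website (application A). CLIENT_ID, REDIRECT_URI, AUTHORIZE_URL and scope names are assumed.
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

CLIENT_ID = "tax-website"                          # assumed client registration
REDIRECT_URI = "https://tax.example/callback"      # assumed, pre-registered at the server
AUTHORIZE_URL = "https://auth.example/authorize"   # assumed
SCOPE = "drive.file"                               # assumed scope: Drive only, not mail

def b64url(raw: bytes) -> str:  # base64url without padding, as PKCE requires
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

class AuthorizationServer:
    """Application B. It holds the user's password; the client never sees it."""

    def __init__(self):
        self.registered = {CLIENT_ID: REDIRECT_URI}
        self.users = {"alice": "correct horse battery staple"}  # constructed test user
        self.pending = {}  # code -> (user, client_id, scope, code_challenge, redirect_uri)
        self.tokens = {}   # access_token -> (user, set of granted scopes)

    def authorize(self, params, username, password):
        # Exact match against the registered redirect URI, or the code could leak to an attacker.
        if self.registered.get(params["client_id"]) != params["redirect_uri"]:
            raise ValueError("redirect_uri mismatch")
        if self.users.get(username) != password:
            raise PermissionError("bad credentials")
        code = secrets.token_urlsafe(32)
        self.pending[code] = (username, params["client_id"], params["scope"],
                              params["code_challenge"], params["redirect_uri"])
        # The server echoes state back unchanged; the client checks it on the callback.
        return f"{params['redirect_uri']}?{urlencode({'code': code, 'state': params['state']})}"

    def token(self, code, code_verifier, client_id, redirect_uri):
        entry = self.pending.pop(code, None)  # single use: a replayed code fails
        if entry is None:
            raise PermissionError("unknown or already used code")
        user, c_id, scope, challenge, r_uri = entry
        if (c_id, r_uri) != (client_id, redirect_uri):
            raise PermissionError("code was issued to a different client")
        if b64url(hashlib.sha256(code_verifier.encode()).digest()) != challenge:
            raise PermissionError("PKCE verification failed")
        tok = secrets.token_urlsafe(32)
        self.tokens[tok] = (user, set(scope.split()))
        return {"access_token": tok, "token_type": "Bearer", "scope": scope}

    def resource(self, access_token, required_scope):
        user, scopes = self.tokens.get(access_token, (None, set()))
        if user is None or required_scope not in scopes:  # token must carry the needed scope
            raise PermissionError(f"insufficient_scope: need {required_scope}")
        return f"{required_scope} data for {user}"

class Client:
    """Application A. It never handles the password, only the code and the token."""

    def __init__(self):
        self.state = secrets.token_urlsafe(16)     # binds the callback to this session
        self.verifier = secrets.token_urlsafe(64)  # PKCE code_verifier, kept secret

    def authorization_url(self):
        challenge = b64url(hashlib.sha256(self.verifier.encode()).digest())
        return AUTHORIZE_URL + "?" + urlencode({
            "response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
            "scope": SCOPE, "state": self.state,
            "code_challenge": challenge, "code_challenge_method": "S256"})

    def handle_callback(self, callback_url, server):
        q = parse_qs(urlparse(callback_url).query)
        # A code planted in the user's browser by an attacker will not carry our state.
        if q.get("state", [None])[0] != self.state:
            raise PermissionError("state mismatch")
        return server.token(q["code"][0], self.verifier, CLIENT_ID, REDIRECT_URI)

def run_flow():
    """Run the whole exchange and report what the client could and could not access."""
    server, client = AuthorizationServer(), Client()
    # The browser is sent to the server; the user types the password there, not at the client.
    auth_params = {k: v[0] for k, v in parse_qs(urlparse(client.authorization_url()).query).items()}
    callback = server.authorize(auth_params, "alice", "correct horse battery staple")
    token = client.handle_callback(callback, server)
    result = {"scope": token["scope"], "drive": server.resource(token["access_token"], "drive.file")}
    try:
        server.resource(token["access_token"], "mail.read")  # scope the user never granted
        result["mail"] = "granted"
    except PermissionError:
        result["mail"] = "denied"
    try:
        client.handle_callback(callback, server)  # replay the same authorization code
        result["replay"] = "accepted"
    except PermissionError:
        result["replay"] = "rejected"
    return result
```

Running `run_flow()` yields a token scoped to "drive.file", a successful Drive read, a denied Gmail read and a rejected code replay. The password is typed only into the AuthorizationServer, which is the whole point of the lecture's Google Drive example; the state and PKCE checks are what keep the code itself from being useful to anyone other than the client and session that requested it.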
So if you go to oauth.net, you'll see that OAuth 2.0 is the current version, and it is very widely used. So it's that simple. To summarize, in this lecture you have learned that OAuth gives one application access to another application which holds the end user's data, that this entire process is described by the two terms federated authentication and delegated authorization, and that an application can access only that part of the data in the other application which the user allows it to access.