Sunday, May 28, 2017

OAuth : Securing Your Application

These days you see this everywhere












i.e. different ways to login to your website. In this post I plan to have a closer look at this.

What is OAuth ?
It stands for Open Authorization.
Its a framework for two websites to talk to one another. It is a security protocol that enables users to grant third-party access to their web resources without sharing their passwords.

It helps one to deal with
  1. Authentication : User Sign In
  2. Authorization : Secured Data : granting access to my data for this website







What are tokens ?
They are kind of alpha numeric strings



Why Not Use Username and passwords instead of tokens ?
Answer : To give specific access instead of full acess


After some time or on some other conditions the access to these tokens can be revoked.

There are like
  1. Access Tokens
  2. Refresh Tokens
There is a lot going on below the hood for these tokens.
But Passport (Node.js) has strategy to deal with all this
  • Passport-Google
  • Passport-Twitter
  • etc
Good Article
https://hueniverse.com/introducing-oauth-2-0-b5681da60ce2


No comments: