OAuth Simplified

-
In my earlier post we saw what is SAML. Basically it works on the HTTP i.e. for webpages and etc. 
But what if you wanted have SSO on an app, for example on a Mobile App? There are work arounds to implement SAML but the straight forward way of doing it would be to use OAuth, a recent boy in neighbourhood which unlike SAML which is older than 6 years, is designed considering the future, of native apps and mobile apps. 

As usual the definition is 


OAuth is an open standard for authorisation. OAuth provides a method for clients to access server resources on behalf of a resource owner (such as a different client or an end-user). It also provides a process for end-users to authorise third-party access to their server resources without sharing their credentials (typically, a username and password pair), using user-agent redirections.

Please observe the definition, it says Authorisation and not Authentication!

What it means is that if you have an app on your phone and would like it be able to 

OAuth 2.0 is a relatively simple protocol. To begin, you register your application with Google. Then your client application requests an access token from the Google Authorisation Server, extracts a token from the response, and sends the token to the Google API that you want to access.

From Googles doc we see this
OAuth 2.0 is a relatively simple protocol. To begin, you register your application with Google. Then your client application requests an access token from the Google Authorization Server, extracts a token from the response, and sends the token to the Google API that you want to access.



So its basically a user trying to use a web or a standalone mobile or desktop app, which first requests permission from Google servers, and once the user approves this app, the app can fetch resources from the service provider .

One very nice def to lookup is in here.

This is what OAuth does, it allows you the User to grant access to your private resources on one site (which is called the Service Provider), to another site (called Consumer, not to be confused with you, the User). 

 At this point in time I would like to give some relief to those who haven't understood it still, relax, seems like Oauth will be obsolete soon.   

Popular posts from this blog

Ansible - Error - stderr: E: There are problems and -y was used without --force-yes

-
Image
In case your tasks is to install some packages and it errors out as below - name: Install linux-headers apt: pkg={{item}} state=installed install_recommends=yes update_cache=yes with_items: - linux-headers-generic - dkms sudo: yes failed: [parallelsUbuntu] => (item=linux-headers-generic,dkms) => {"failed": true, "item": "linux-headers-generic,dkms"} stderr: E: There are problems and -y was used without --force-yes stdout: Reading package lists... Building dependency tree... Reading state information... The following extra packages will be installed:   cpp fakeroot gcc libfakeroot linux-headers-3.13.0-63   linux-headers-3.13.0-63-generic patch Suggested packages:   cpp-doc dpkg-dev debhelper gcc-multilib manpages-dev autoconf automake1.9   libtool flex bison gdb gcc-doc diffutils-doc The following NEW packages will be installed:   cpp dkms fakeroot gcc libfakeroot linux-headers-3
Read more

Error: SMTPIN_ADDED_BROKEN@mx.google.com

-
Some times we see the below in the email header information. SMTPIN_ADDED_BROKEN@mx.google.com The cause of the "...SMTPIN_ADDED_BROKEN@mx.google.com" is because of the 'https://' in the original Message-ID, which is not allowed. There could be some dodo systems which might be doing this and they would need to be tweaked to now allow message-id (see my earlier posts on what it means) and to have https!
Read more