OAuth, what is it?

OAuth stands for “Open Authorization”. It is a scheme for delegating access: a third-party application can be authorized to access a user's account on the service that hosts that account, without the user handing over their password to the application.

There are two versions of OAuth, OAuth 1.0 and OAuth 2.0; OAuth 2.0 is the more widely used. Despite the name, OAuth 2.0 is not backward compatible with OAuth 1.0.

OAuth 1.0

OAuth 1.0 is not browser-based, which means it redirects the user to the service provider’s website to authorize the application. It uses a signature method to sign each request. The signature is generated by combining the request parameters with a shared secret key and is sent along with the request to the service provider. The service provider verifies the signature and grants the access authorization. The user is then redirected back to the application with the access token. The application exchanges the access token for the user’s authentication. The application is now granted the access token and can create a connection.

Because OAuth 1.0 requires cryptographic signatures, it is more complex to implement than OAuth 2.0. It also requires the user to be redirected to the service provider’s website to authorize the application, which can be a bit annoying for the user.

OAuth 2.0

Most modern applications use OAuth 2.0, as OAuth 1.0 has been deprecated. Whereas in OAuth 1.0 the client generated a signature on every API call and the receiving server granted access based on that signature, OAuth 2.0 uses a token-based approach. The client requests an access token from the authorization server. The authorization server authenticates the client and issues an access token. The client then uses the access token to access the protected resources hosted by the resource server. The resource server validates the access token and grants access to the client.
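The four steps above, modelled in-process as an added example (not code from the original post or from any OAuth library): the authorization server authenticates the client and issues a token, and the resource server validates it before granting access. The token format (HMAC-signed JSON), the signing key, the client credentials and the scope names are all constructed for illustration.

```python
# Added example: minimal model of the OAuth 2.0 flow described above
# (client -> authorization server -> resource server). The token format and
# all keys, client ids and secrets are constructed, not a real library or format.
import base64, hashlib, hmac, json, time

SIGNING_KEY = b"constructed-authorization-server-key"   # key shared by AS and RS (assumption)
CLIENTS = {"app-123": "constructed-client-secret"}      # registered clients (constructed)


def issue_token(client_id, client_secret, scope, now=None, ttl=3600):
    """Authorization server: authenticate the client, then issue a signed access token."""
    expected = CLIENTS.get(client_id)
    if expected is None or not hmac.compare_digest(expected, client_secret):
        return None                                      # client authentication failed
    now = int(time.time()) if now is None else now
    claims = {"client_id": client_id, "scope": scope, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def validate_token(token, required_scope, now=None):
    """Resource server: verify signature, expiry and scope before granting access."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return False                                     # malformed token
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):           # tampered or forged token
        return False
    claims = json.loads(base64.urlsafe_b64decode(body))
    now = int(time.time()) if now is None else now
    if claims["exp"] <= now:                             # expired token
        return False
    return required_scope in claims["scope"].split()     # scope check


def resource_request(authorization_header, required_scope, now=None):
    """Resource server: accept only 'Bearer <token>' that passes validation."""
    scheme, _, token = authorization_header.partition(" ")
    if scheme != "Bearer" or not token:
        return 401                                       # no usable credential
    return 200 if validate_token(token, required_scope, now) else 403


if __name__ == "__main__":
    tok = issue_token("app-123", "constructed-client-secret", "read", now=1_700_000_000)
    print(resource_request(f"Bearer {tok}", "read", now=1_700_000_100))   # 200
    print(resource_request(f"Bearer {tok}", "write", now=1_700_000_100))  # 403 (scope)
    print(resource_request(f"Bearer {tok}", "read", now=1_700_003_600))   # 403 (expired)
```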