Open Authorization 2.0 (OAuth2.0) - Authorization Code Grant

Published at 7/18/2024
Categories: webdev, authenication, openidconnect, oauth2
Author: chethankumblekar

Consider an image-generator application that produces images from text input and then needs to save them with a storage provider such as Google Drive. The image generator cannot access the drive on its own, and handing a username and password to a third-party application like this one is not safe. OAuth 2.0 solves this problem.

Open Authorization 2.0 is an authorization framework that enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.

Grant types in OAuth 2.0

  • Authorization Code Grant
  • Client Credentials Grant
  • Implicit Grant
  • Resource Owner Password Grant
  • Device Authorization Grant

Now we will discuss the most widely used grant type, the Authorization Code Grant, and walk through each step of the flow using the example above.

First of all, before a third-party (client) application can use OAuth, it has to be registered with the authorization server, which issues it a client ID and a client secret.

  1. The user (resource owner) opens the third-party application (client); in our example this is the image generator, which creates images from the user's input. The user now wants to save an image to some storage service, say Google Storage.

  2. The application redirects the user's browser to the authorization server with its client ID, redirect URI, response type (for example "code") and the requested scopes.

  3. When the authorization server receives the request, it prompts the user to log in if there is no active session with it; in our case this is the Google Authorization Server.

  4. Once the user has logged in, the authorization server presents a consent form based on the scopes the client requested, for example writing blobs to storage or reading blobs.

  5. Once the resource owner grants the scopes, the authorization server redirects the browser back to the client, using the redirect URI the client sent in the initial request, with an authorization code attached.

  6. Once the client receives the authorization code, it sends its client ID and secret together with the code to the authorization server.

  7. Once the authorization server has verified the client credentials and the authorization code, it responds with an access token.

The client now uses that access token, whose privileges are limited to the granted scopes, to access resources or perform a particular task; in our case, saving the image as a blob to Google Storage/Drive through the Google API.
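To make the seven steps concrete, here is an added Python example (not from the original article) that simulates both sides of the exchange offline: a toy authorization server that mints single-use, short-lived codes bound to the registered redirect URI and checks the client secret at the token endpoint, and a client that sends a random state value and rejects any callback that does not carry it back. The endpoint URL, client ID, secret and scope name are made up for the example; steps 3 and 4 (login and consent) are the user's interaction and are assumed to be granted.

```python
import hmac, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_ENDPOINT = "https://auth.example/authorize"  # constructed endpoint for this example

class AuthorizationServer:
    def __init__(self, clients):
        self.clients = clients  # client_id -> {"secret", "redirect_uri"} fixed at registration
        self.codes = {}         # outstanding authorization codes, removed once redeemed

    def authorize(self, req):
        # Step 5: after login and consent, mint a code and redirect only to the registered URI.
        if self.clients.get(req["client_id"], {}).get("redirect_uri") != req["redirect_uri"]:
            raise ValueError("unknown client or unregistered redirect_uri")
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": req["client_id"], "redirect_uri": req["redirect_uri"],
                            "scope": req["scope"], "expires": time.time() + 60}
        return f"{req['redirect_uri']}?{urlencode({'code': code, 'state': req['state']})}"

    def token(self, client_id, client_secret, code, redirect_uri):
        # Steps 6-7: authenticate the client, then redeem the code exactly once (pop defeats replay).
        client = self.clients.get(client_id)
        if client is None or not hmac.compare_digest(client["secret"], client_secret):
            return {"error": "invalid_client"}
        grant = self.codes.pop(code, None)
        if (grant is None or grant["client_id"] != client_id
                or grant["redirect_uri"] != redirect_uri or grant["expires"] < time.time()):
            return {"error": "invalid_grant"}
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                "expires_in": 3600, "scope": grant["scope"]}

def build_authorization_url(client_id, redirect_uri, scope):
    # Step 2: client_id, redirect_uri, response_type=code, scope, plus a random state the client keeps.
    state = secrets.token_urlsafe(16)
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": scope, "state": state}
    return f"{AUTH_ENDPOINT}?{urlencode(params)}", state

def handle_redirect(callback_url, expected_state):
    # Step 5, client side: accept the code only when state matches the value this client stored.
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: this client did not start the flow")
    return qs["code"][0]

def run_flow(server, client_id, client_secret, redirect_uri, scope="drive.file"):
    auth_url, state = build_authorization_url(client_id, redirect_uri, scope)
    req = {k: v[0] for k, v in parse_qs(urlparse(auth_url).query).items()}  # what the server receives
    code = handle_redirect(server.authorize(req), state)
    return server.token(client_id, client_secret, code, redirect_uri), code
```

Running run_flow a second time with the same code returns invalid_grant, which is the single-use property the authorization code relies on.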
