Introduction to OAuth

OAuth is an open standard for authorization of websites and applications. It provides these applications with a simple, secure way allow their users to access their data.

For example, let’s say you are a developer building an application. OAuth allows you to delegate the authorization. There are many websites and mobile applications that use Facebook or Google to authentication users. This is done through OAuth.

OAuth has many benefits. The framework does not use passwords in its authentication, which is useful as 3rd party applications do not need to store and protect passwords. Users can also revoke access easily.

The setup process for a website or application is something like as follows:

The website needs to first register with the authorization service, e.g. Facebook. They provide information including what the app is and the URL it will route to once the authorization is complete. This is called the Callback URL.
The authorization service, i.e. Facebook, will then provide the website with a Client ID and a Client Secret. The Client ID is a public id that tells Facebook which application is calling its authorization service. The Client Secret is a private secret that confirms the identity of the website application.

Once set up, the sequence of events from a user request is something like below:

User goes to website and is presented with a login choice, e.g. login via Facebook. User selects this option.
User is presented with a login screen from Facebook. User enters username and password. If the user has already authenticated via Facebook previously, the login will not be presented.
User is presented with a screen that asks if you would like to grant permission to the website to access Facebook information. This amount of information can vary. The user accepts.
Facebook sends an authorization code saying the user has granted access.
The website now sends a request to get an access token to Facebook.
Facebook returns this request with an access token for the user of the website. The token will be used to get specific data that the user granted permissions to above.
The website now sends a request to Facebook to get the actual data. This includes the access token, so Facebook knows the request is legitimate.
Facebook returns with the user’s specific data.

OAuth is now at version 2.0.

THANKS FOR READING. BEFORE YOU LEAVE, I NEED YOUR HELP.

I AM SPENDING MORE TIME THESE DAYS CREATING YOUTUBE VIDEOS TO HELP PEOPLE LEARN THE MICROSOFT POWER PLATFORM.

IF YOU WOULD LIKE TO SEE HOW I BUILD APPS, OR FIND SOMETHING USEFUL READING MY BLOG, I WOULD REALLY APPRECIATE YOU SUBSCRIBING TO MY YOUTUBE CHANNEL.

THANK YOU, AND LET'S KEEP LEARNING TOGETHER.

CARL

https://www.youtube.com/carldesouza

ABOUT CARL DE SOUZA

Carl de Souza is a developer and architect focusing on Microsoft Dynamics 365, Power BI, Azure, and AI.

carldesouza.com | LinkedIn | Twitter | YouTube

Facebook

Twitter

mie sedaap perayaan kampus April 25, 2024 at 5:50 am on 5 Cool Early Access Features for Power Platform 2023 Release Wave 1Hi, i think that i saw you visited my blog so i came to “return the favor”.I'm trying to find
Skinfix Skin tag April 24, 2024 at 3:02 pm on Filtering Lookup Fields in Dynamics 365Introduction: Skin tags are a common occurrence, characterized by small, benign growths on the skin's surface. While they are harmless,
Carl April 23, 2024 at 7:49 pm on Using the Dataverse REST Builder to Build REST RequestsThanks for the update, Guido!
Carl April 23, 2024 at 7:41 pm on Integrating Power BI Reporting with Dynamics 365 (2024)Ed, this is a really good call-out, thanks for mentioning this. Hopefully I can get a trial spun up at
Ed April 23, 2024 at 12:20 pm on Integrating Power BI Reporting with Dynamics 365 (2024)Hey Carl! Great blog - really clear and informative. While only relevant for Premium/Fabric SKUs, I wonder whether adding a

Related Posts:

Leave a Reply Cancel reply