OAuth 2.0 Basics
How OAuth 2.0 Works
OAuth 2.0 is a protocol that lets you grant limited access to your resources without sharing your password. Instead of giving out your credentials, you use access tokens to allow applications to act on your behalf.
Access Tokens
An access token is a short-lived string that represents permission to access certain resources. Think of it as a temporary pass you give to an app so it can fetch your data safely.
- Access tokens are generated by an authorization server;
- They are sent to the client (the app that wants access);
- The client uses the token to access protected resources on your behalf.
Basic OAuth 2.0 Flow Example
Imagine you want to let a calendar app see your contacts from another service. Here is how OAuth 2.0 makes that safe:
- You open the calendar app and click "Connect Contacts";
- The app redirects you to the contacts service's login page;
- You log in and see a screen asking if you want to allow the calendar app to access your contacts;
- You approve the request;
- The contacts service sends an access token to the calendar app;
- The calendar app uses the token to fetch your contacts, without ever seeing your password.
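The six steps above, played out in code as an added example that is not from the original page: a constructed in-memory authorization server, the calendar app's back-channel code exchange, and a resource server that checks the token before returning contacts. The client id "calendar-app", its secret, the redirect URI and the "contacts.read" scope are assumed for illustration.

```python
import secrets
import time

# Constructed example (not the page's own code). Client registration, user data
# and the "contacts.read" scope name are assumptions made for illustration.
REGISTERED_CLIENTS = {
    "calendar-app": {"secret": "calendar-secret", "redirect_uri": "https://calendar.example/cb"},
}
USER_CONTACTS = {"alice": ["bob@example.com", "carol@example.com"]}

_codes = {}    # authorization code -> (client_id, redirect_uri, user, scope, expiry)
_tokens = {}   # access token -> (user, scope, expiry)


def authorize(client_id, redirect_uri, scope, user, approved):
    """Steps 2-4: user logs in and approves; the server issues a short-lived code."""
    client = REGISTERED_CLIENTS.get(client_id)
    if client is None or client["redirect_uri"] != redirect_uri:
        raise ValueError("unknown client or redirect_uri mismatch")
    if not approved:
        raise PermissionError("user denied the request")
    code = secrets.token_urlsafe(16)
    _codes[code] = (client_id, redirect_uri, user, scope, time.time() + 60)
    return code


def exchange_code(client_id, client_secret, code, redirect_uri):
    """Step 5: code + client secret -> access token. Codes are single-use."""
    client = REGISTERED_CLIENTS.get(client_id)
    entry = _codes.pop(code, None)  # pop so a replayed code is rejected
    if client is None or client["secret"] != client_secret or entry is None:
        raise PermissionError("invalid client credentials or code")
    c_id, c_uri, user, scope, expiry = entry
    if c_id != client_id or c_uri != redirect_uri or time.time() > expiry:
        raise PermissionError("code does not match this client or has expired")
    token = secrets.token_urlsafe(32)
    _tokens[token] = (user, scope, time.time() + 3600)
    return token


def fetch_contacts(token):
    """Step 6: resource server validates token, expiry and scope, never a password."""
    entry = _tokens.get(token)
    if entry is None or time.time() > entry[2]:
        raise PermissionError("invalid or expired token")
    user, scope, _ = entry
    if "contacts.read" not in scope.split():
        raise PermissionError("token lacks contacts.read scope")
    return USER_CONTACTS[user]
```

Note that the client secret only ever travels on the back channel in exchange_code, and a second exchange of the same code fails because the code was popped on first use.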
Main OAuth 2.0 Flows
OAuth 2.0 supports several flows, but two are most common:
- Authorization Code Flow: used by web and mobile apps that can safely store secrets;
- Client Credentials Flow: used by machine-to-machine communication, where no user is involved.
These flows make sure your data stays secure and only trusted apps can access what you allow.