OAuth 2.0 Tutorial and Cheat Sheet: OAuth Actors, Grant Types, Flows and OAuth Endpoints
https://helpercodes.com/oauth-2-0-tutorial-what-is-oauth-2/
Suppose you want to use a great new third-party email application that has many features you want. However, this new email application needs access to your Gmail emails in order to work.
Would you give your Gmail password to this third-party application? No.
So how can this third-party app access your Gmail emails without getting your password?
OAuth 2.0 is one way.
Instead of giving your credentials to the third-party app, you are redirected to Google's OAuth server. That OAuth server accepts your Gmail credentials and issues a temporary Access Token to the third-party app.
The third-party app can now use this Access Token to access only your Gmail emails. It cannot use the token to reach any other data, such as your Google Drive. The Access Token also has a limited validity period, after which it expires and has to be re-generated.
OAuth Actors and Their Roles (Table View)
Resource Owner
- owns resources – like email
- owns login credentials
- delegates access to Third-party application
Client (Third-party application)
- wants to get access to resources to provide some functionality
- holds access tokens
- ideally should not hold password of resource owner
- identified via Client ID and Client Secret
OAuth Servers
- Login Page component
- LDAP Server to validate user password
- Consent Page component
- Token Database component
- Exposes 2 endpoints
Resource Server
- Holds Resources
- Protects Resources – via the user's own password (direct login)
- Protects Resources – via OAuth Access Tokens by Third Party Apps
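The following is an added example, not code from this tutorial or from Google, that models the four actors in the table and the two properties the introduction relies on: the resource owner's password is only ever typed at the OAuth server, and the token the client receives is limited to the consented scope and to a validity window. The scope names ("mail.read", "drive.read"), the client credentials, the user account and the fixed clock value are all constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class AccessToken:
    value: str          # opaque random string handed to the client
    client_id: str      # which third-party app may present it
    subject: str        # which resource owner delegated access
    scopes: frozenset   # what the token is allowed to reach
    expires_at: int     # Unix time (constructed clock passed in by the caller)


class AuthorizationServer:
    """Login page + consent page + token database, as in the 'OAuth Servers' row."""

    def __init__(self, user_passwords, clients, token_ttl=3600):
        self._user_passwords = user_passwords   # stands in for the LDAP check
        self._clients = clients                 # client_id -> client_secret
        self._tokens = {}                       # token database component
        self._ttl = token_ttl

    def _check_credentials(self, username, password):
        expected = self._user_passwords.get(username)
        # constant-time compare so the check does not leak via timing
        return expected is not None and hmac.compare_digest(expected, password)

    def authenticate_client(self, client_id, client_secret):
        secret = self._clients.get(client_id)
        return secret is not None and hmac.compare_digest(secret, client_secret)

    def issue_token(self, username, password, client_id, client_secret,
                    consented_scopes, now):
        """The owner types the password here, never into the client, and
        chooses which scopes to grant on the consent page."""
        if not self._check_credentials(username, password):
            raise PermissionError("bad user credentials")
        if not self.authenticate_client(client_id, client_secret):
            raise PermissionError("unknown client")
        token = AccessToken(
            value=secrets.token_urlsafe(32),
            client_id=client_id,
            subject=username,
            scopes=frozenset(consented_scopes),
            expires_at=now + self._ttl,
        )
        self._tokens[token.value] = token
        return token

    def introspect(self, token_value):
        """Resource server asks: is this token one we issued?"""
        return self._tokens.get(token_value)


class ResourceServer:
    """Holds the resources; lets OAuth tokens, not passwords, reach them."""

    def __init__(self, auth_server, required_scope):
        self._auth = auth_server
        self._required_scope = required_scope   # e.g. 'mail.read' for the mail store
        self._data = {"alice": ["hello from bob", "meeting at 10"]}  # constructed

    def fetch(self, token_value, now):
        token = self._auth.introspect(token_value)
        if token is None:
            return 401, "invalid_token"           # unknown or forged token
        if now >= token.expires_at:
            return 401, "token_expired"           # must be re-generated
        if self._required_scope not in token.scopes:
            return 403, "insufficient_scope"      # e.g. Drive asked with a mail-only token
        return 200, self._data.get(token.subject, [])


def demo(now=1_700_000_000):
    """Run the delegation end to end; returns the status code of each access."""
    auth = AuthorizationServer(
        user_passwords={"alice": "s3cret-password"},     # constructed account
        clients={"mail-app": "client-secret-xyz"},       # constructed client
    )
    mail = ResourceServer(auth, "mail.read")
    drive = ResourceServer(auth, "drive.read")
    # Owner logs in at the OAuth server and consents only to mail access.
    token = auth.issue_token("alice", "s3cret-password",
                             "mail-app", "client-secret-xyz",
                             ["mail.read"], now)
    return {
        "mail_now": mail.fetch(token.value, now)[0],        # 200: in scope, not expired
        "drive_now": drive.fetch(token.value, now)[0],      # 403: scope not consented
        "mail_later": mail.fetch(token.value, now + 3601)[0],  # 401: expired
        "forged": mail.fetch("not-a-real-token", now)[0],   # 401: never issued
    }


if __name__ == "__main__":
    print(demo())
```

The resource server never sees the password and never trusts the client's word about what it may do; it asks the token database, then checks expiry and scope itself. Scope is what keeps a mail token away from Drive, and the TTL is why the introduction says the token eventually has to be re-generated.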