OAuth 2.0, but Hold the Jargon Please


OAuth operates like Tesla's “Valet Mode”. The Tesla Owner gives the valet limited access to his/her Tesla without needing to provide the main vehicle key.

You likely have profiles on dozens of applications containing personal information. Originally siloed, these applications have become increasingly connected: Discord searches Facebook for suggested friends, Jira creates user accounts from GitHub profiles, and so on. This pattern of one application acting on your behalf against another is called "delegated access", and it has become a necessary part of our online lives.

However, because of the way these applications protect their data, developers run into a challenge: how do we delegate access? Almost every application is protected by a basic username/password scheme. For Application A to fetch the data it needs from Application B, the user would have to log in to Application B again and again on Application A's behalf, which is unworkable. The early workaround was to hand Application A the user's username and password for Application B, which was problematic for several reasons:

  • Application A had to keep the password in a replayable (effectively cleartext) form so it could log in again later
  • A password grants everything the user can do, so Application A got broad, unfettered access to Application B rather than just the data it needed
  • The user could not revoke Application A's access short of changing the password, which also broke every other application that had been given it
  • A compromise of Application A put the user's entire Application B account at risk

OAuth was created to resolve this dilemma: how to provide delegated access without handing over the user's credentials or putting the user's data at risk.

OAuth Protocol Flow

Consider that Teslas have a "Valet Mode" for which you need a valet keycard. This keycard informs the vehicle that it is to operate with limited functionality, restricting the max speed and acceleration and locking the trunk. This is conceptually how OAuth operates: the owner gives the valet limited access to the car without handing over the main vehicle key. In OAuth terms, the car is the service holding your data (Application B above), the main key is your password, and the valet keycard is an access token whose scopes spell out exactly what the holder may do. Because the keycard is separate from the main key, the owner can cancel it at any time without changing the key or affecting anyone else who holds one. One caveat a practitioner should keep in mind: a stolen valet keycard still drives the car, so tokens must be protected like credentials; what OAuth buys you is a smaller blast radius and a clean way to revoke, not immunity from theft.
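To make the valet-key point concrete, here is an added toy model, written for this edit and not part of the original article. It is not an OAuth 2.0 implementation (there is no authorization server, no redirect, no consent screen); it only contrasts the two ways the article describes for Application A to reach Application B's data: holding the user's password versus holding a scoped, expiring, revocable token. The class names, the user "alice", the "photos"/"settings" resources and the sample data are all invented for the example.

```python
"""Constructed illustration of password sharing vs. a scoped, revocable token.

Not an OAuth 2.0 implementation and not code from the original article.
"Application B" is the service that holds the user's data (the car);
"Application A" is the third party that wants some of it (the valet).
All names and sample data below are invented for this example.
"""
import hashlib
import hmac
import secrets
import time


class ApplicationB:
    """Holds each user's data: 'photos' (what A needs) and 'settings' (what A does not)."""

    def __init__(self):
        self._users = {}   # username -> (salt, pbkdf2 hash of the password)
        self._tokens = {}  # token -> {"user", "scopes", "expires", "revoked"}
        self.data = {}     # username -> {"photos": [...], "settings": {...}}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._hash(password, salt))
        self.data[username] = {"photos": ["beach.jpg"], "settings": {"theme": "dark"}}

    def login(self, username, password):
        """Password login is the main vehicle key: all-or-nothing access."""
        salt, stored = self._users[username]
        if not hmac.compare_digest(self._hash(password, salt), stored):
            raise PermissionError("bad credentials")
        return self.data[username]  # everything, photos and settings alike

    def issue_token(self, username, scopes, ttl=3600, now=None):
        """The valet keycard: a random bearer token bound to a user and a scope set."""
        token = secrets.token_urlsafe(32)
        self._tokens[token] = {"user": username, "scopes": frozenset(scopes),
                               "expires": (time.time() if now is None else now) + ttl,
                               "revoked": False}
        return token

    def revoke(self, token):
        """The owner cancels this keycard; the main key (password) is untouched."""
        self._tokens[token]["revoked"] = True

    def access(self, token, scope, now=None):
        """Every request is checked for validity, expiry and the requested scope."""
        rec = self._tokens.get(token)
        now = time.time() if now is None else now
        if rec is None or rec["revoked"] or now >= rec["expires"]:
            raise PermissionError("token invalid, revoked or expired")
        if scope not in rec["scopes"]:
            raise PermissionError(f"token lacks scope {scope!r}")
        return self.data[rec["user"]][scope]


class ApplicationAWithPassword:
    """Anti-pattern from the article: A keeps the user's password so it can log in again."""

    def __init__(self, b, username, password):
        self.b, self.username, self.password = b, username, password  # stored replayable

    def fetch_photos(self):
        return self.b.login(self.username, self.password)["photos"]


class ApplicationAWithToken:
    """Delegated access: A holds only a token limited to the 'photos' scope."""

    def __init__(self, b, token):
        self.b, self.token = b, token

    def fetch_photos(self, now=None):
        return self.b.access(self.token, "photos", now=now)


def compromise_outcomes(now=0):
    """Compare what an attacker who dumps Application A's storage can do in each design."""
    b = ApplicationB()
    b.register("alice", "correct horse battery staple")
    results = {}

    # Design 1: A stored alice's password. Stealing it yields the whole account.
    a_pw = ApplicationAWithPassword(b, "alice", "correct horse battery staple")
    stolen = b.login("alice", a_pw.password)
    results["password_attacker_sees_settings"] = "settings" in stolen

    # Design 2: alice had B issue A a token scoped to photos only.
    a_tok = ApplicationAWithToken(b, b.issue_token("alice", ["photos"], now=now))
    results["token_attacker_reads_photos"] = b.access(a_tok.token, "photos", now=now)
    try:
        b.access(a_tok.token, "settings", now=now)
        results["token_attacker_sees_settings"] = True
    except PermissionError:
        results["token_attacker_sees_settings"] = False

    # Revocation: alice cancels the keycard; the attacker's copy stops working.
    b.revoke(a_tok.token)
    try:
        a_tok.fetch_photos(now=now)
        results["token_works_after_revoke"] = True
    except PermissionError:
        results["token_works_after_revoke"] = False

    # Expiry: a second, unrevoked token is useless once its lifetime has passed.
    expiring = b.issue_token("alice", ["photos"], ttl=3600, now=now)
    try:
        b.access(expiring, "photos", now=now + 3601)
        results["token_works_after_expiry"] = True
    except PermissionError:
        results["token_works_after_expiry"] = False
    return results


if __name__ == "__main__":
    for key, value in compromise_outcomes().items():
        print(f"{key}: {value}")
```

The token here is a random bearer string looked up in Application B's own table, so revocation is immediate; real deployments often use signed tokens that are validated without a lookup, which is exactly why revocation and short lifetimes get more attention there. The point the article is making survives either way: the valet never learns the main key, the keycard only opens what it was scoped to, and the owner can cancel it alone.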
