Introduction to Open Authentication

Introduction
Open Authentication, or OAuth, is an open protocol that allows web, mobile or desktop applications to authenticate a user based on the credentials (user name and password) provided by a third-party service such as Google or Microsoft. It provides a simple and secure way for applications to provide access to their resources and for users to share only the data that they want to share.

How OAuth Works
In a traditional client-server environment, a user who wishes to access the server's resources needs to register and then authenticate himself using the credentials (username and password) provided during registration. In an OAuth environment, the client does not interact with the server directly; instead, he authenticates himself to a third-party OAuth provider such as Google or Facebook. The third party then accesses the server's resources on behalf of the client.

Some well-known OAuth Providers are:

  1. Microsoft
  2. Google
  3. Twitter
  4. Facebook

For an OAuth application to work, it must first be registered with an OAuth provider. After registration, a Token and a Key are provided, which the application uses to access their resources. An application can implement multiple OAuth options at once.

Advantages of OAuth
Registering on web sites is made easy: When you need to register on a site to access its information and the site supports OAuth, you don't need to create a new account; instead, you can register using your Google or Facebook account, for example. This also saves time if the registration process requires you to fill out a large number of fields.

Networking: The content you post on one site can be shared across multiple sites and can be accessed easily by your friends.

Privacy: With OAuth, you have the option to select what data the site you are registering with has permission to access. For example, you may want to give access to your email ID but not your date of birth. This is possible with OAuth.

Security: Since the introduction of OAuth 2.0, which is considered the standard model, OAuth data transfers must occur over SSL (Secure Sockets Layer), so that the industry's most trusted cryptographic protocols are used to keep the data safe.

Managing user information becomes easier: Since the user information is not directly stored within the server database, management becomes much easier. Only the relevant OAuth data needs to be stored.
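
The registration, privacy and security points above all appear in the first step of an OAuth 2.0 login. The following is an added example, not code from the original article: it builds the request that sends the user to the provider asking only for the chosen data, and validates the provider's redirect back. The endpoint, client ID, redirect URI and scope names are constructed placeholders, and the state check is standard OAuth 2.0 practice that the article does not cover.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed values for illustration: a real application receives its own
# identifiers when it registers with its OAuth provider.
AUTHORIZE_ENDPOINT = "https://provider.example/oauth2/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example/oauth/callback"


def require_https(url):
    """Reject any OAuth endpoint or redirect URI that is not HTTPS."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"OAuth URL must use https: {url!r}")
    return url


def build_authorization_url(scopes):
    """Return (url, state); only the listed scopes are requested."""
    state = secrets.token_urlsafe(32)  # unguessable, tied to this login attempt
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": require_https(REDIRECT_URI),
        "scope": " ".join(scopes),  # e.g. "email" without "birthday"
        "state": state,
    })
    return f"{require_https(AUTHORIZE_ENDPOINT)}?{query}", state


def handle_callback(callback_url, expected_state):
    """Validate the provider's redirect and return the authorization code."""
    params = parse_qs(urlsplit(require_https(callback_url)).query)
    if "error" in params:
        raise PermissionError(f"provider returned error: {params['error'][0]}")
    returned_state = params.get("state", [""])[0]
    # Constant-time comparison; a mismatch means this response does not
    # belong to the login that this session started.
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise PermissionError("state mismatch")
    code = params.get("code", [""])[0]
    if not code:
        raise PermissionError("no authorization code in callback")
    return code
```

The application stores the returned state in the user's session before redirecting and passes it to handle_callback when the provider sends the user back.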


Nikunj Bhanushali is associated with Cogzie as Sales & Operations head and loves sharing information regarding ASP.NET, MVC, EPi Server and JS Angular. Get in touch with him for Biztalk Server Consulting services.