OAuth2 and Google OAuth Playground

Turhan Oz
4 min read · Apr 27, 2018

If you are a developer, chances are that you use APIs that require authorization. That is especially the case with most of the Google APIs. So, you should at least be familiar with OAuth2.

The aim of this article is not to describe what OAuth2 is (there is plenty of literature on it), but simply to give a reminder of the standard and some pointers on how to use the Google OAuth2 Playground, which is a super easy interactive demonstration tool using Google APIs.

OAuth 2, reminder

Roles

OAuth2 is not an authorization protocol; it’s a secure delegated access protocol. You therefore have to consider 4 distinct roles within this process:

  • the resource owner (typically you, or me, or anyone…)
  • the resource server where the owner stores their data (for instance entries in Google Calendar)
  • the client application (webpage, Android app…) that needs to access the owner's resource (to display the Calendar entries, for instance)
  • the authorization server that grants access to the application (based on the owner's approval).

Token

Whenever the client application needs to access a resource, it first asks the authorization server for a token (access or refresh token). This token is then used to access the resource located on the resource server (the token could be passed in various ways, but the most…
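The four roles and the token hand-off described above, as an added in-memory example that is not part of the original article: the authorization server issues a token only for what the owner approved, and the resource server checks that token before returning data. The class names, the `calendar.read` scope, the client id and the sample calendar entries are assumptions made up for illustration, and the real OAuth2 grant flows and transport are not modelled.

```python
import secrets
import time

class AuthorizationServer:
    """Issues access tokens, but only for scopes the resource owner approved."""
    def __init__(self):
        self._approvals = {}  # (owner, client_id) -> set of approved scopes
        self._tokens = {}     # token -> grant details

    def owner_approves(self, owner, client_id, scopes):
        self._approvals[(owner, client_id)] = set(scopes)

    def issue_token(self, owner, client_id, scopes, ttl=3600, now=None):
        approved = self._approvals.get((owner, client_id), set())
        if not set(scopes) <= approved:
            raise PermissionError("owner has not approved these scopes")
        token = secrets.token_urlsafe(32)  # opaque, unguessable value
        issued = time.time() if now is None else now
        self._tokens[token] = {"owner": owner, "scopes": set(scopes),
                               "expires": issued + ttl}
        return token

    def introspect(self, token, now=None):
        """Return the grant behind a token, or None if unknown or expired."""
        grant = self._tokens.get(token)
        current = time.time() if now is None else now
        if grant is None or current >= grant["expires"]:
            return None
        return grant

class ResourceServer:
    """Holds the owner's data; serves it only for a valid, sufficiently scoped token."""
    def __init__(self, auth_server, calendars):
        self._auth = auth_server
        self._calendars = calendars

    def list_entries(self, token, now=None):
        grant = self._auth.introspect(token, now)
        if grant is None:
            raise PermissionError("invalid or expired token")
        if "calendar.read" not in grant["scopes"]:  # hypothetical scope name
            raise PermissionError("token lacks the calendar.read scope")
        return self._calendars[grant["owner"]]

def demo():
    """Plays the client application: it never sees the owner's credentials."""
    auth = AuthorizationServer()
    api = ResourceServer(auth, {"alice": ["Dentist 09:00", "Standup 10:30"]})  # constructed data
    auth.owner_approves("alice", "calendar-widget", ["calendar.read"])
    token = auth.issue_token("alice", "calendar-widget", ["calendar.read"], now=1000)
    return api.list_entries(token, now=1500)

if __name__ == "__main__":
    print(demo())
```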
