How Does Oauth 2.0 Work?

1.	How Does Oauth 2.0 Work?
Answer» To access protected data stored on Google services, use OAuth 2.0 for authorization. Google APIs support OAuth 2.0 flows for different types of client applications. In all of these flows, the client APPLICATION requests an access token that is associated with only the client application and the owner of the protected data being accessed. The access token is also associated with a limited scope that defines the kind of data the client application has access to (for example, "Manage your tasks"). An important goal for OAuth 2.0 is to provide secure and convenient access to the protected data, while minimizing the potential IMPACT if an access token is stolen. The typical work flow for OAuth 2.0 requests: When a user first attempts to use functionality in your application that requires the user to be logged in to a Google Account or YouTube account, your application INITIATES the OAuth 2.0 authorization process. Your application directs the user to Google's authorization server. The link to that page specifies the scope of access that your application is requesting for the user's account. The scope specifies the resources that your application can RETRIEVE, insert, update, or delete when acting as the authenticated user. If the user consents to authorize your application to access those resources, Google RETURNS a token to your application. Depending on your application's type, it either validates the token or exchanges it for a different type of token. For example, a server-side web application exchanges the returned token for an access token and a refresh token. The access token lets the application authorize requests on the user's behalf, and the refresh token lets the application retrieve a new access token when the original access token expires. To access protected data stored on Google services, use OAuth 2.0 for authorization. Google APIs support OAuth 2.0 flows for different types of client applications. In all of these flows, the client application requests an access token that is associated with only the client application and the owner of the protected data being accessed. The access token is also associated with a limited scope that defines the kind of data the client application has access to (for example, "Manage your tasks"). An important goal for OAuth 2.0 is to provide secure and convenient access to the protected data, while minimizing the potential impact if an access token is stolen. The typical work flow for OAuth 2.0 requests:

Answer»

To access protected data stored on Google services, use OAuth 2.0 for authorization. Google APIs support OAuth 2.0 flows for different types of client applications. In all of these flows, the client APPLICATION requests an access token that is associated with only the client application and the owner of the protected data being accessed. The access token is also associated with a limited scope that defines the kind of data the client application has access to (for example, "Manage your tasks"). An important goal for OAuth 2.0 is to provide secure and convenient access to the protected data, while minimizing the potential IMPACT if an access token is stolen.

The typical work flow for OAuth 2.0 requests:

When a user first attempts to use functionality in your application that requires the user to be logged in to a Google Account or YouTube account, your application INITIATES the OAuth 2.0 authorization process.
Your application directs the user to Google's authorization server. The link to that page specifies the scope of access that your application is requesting for the user's account. The scope specifies the resources that your application can RETRIEVE, insert, update, or delete when acting as the authenticated user.
If the user consents to authorize your application to access those resources, Google RETURNS a token to your application. Depending on your application's type, it either validates the token or exchanges it for a different type of token.
For example, a server-side web application exchanges the returned token for an access token and a refresh token. The access token lets the application authorize requests on the user's behalf, and the refresh token lets the application retrieve a new access token when the original access token expires.

To access protected data stored on Google services, use OAuth 2.0 for authorization. Google APIs support OAuth 2.0 flows for different types of client applications. In all of these flows, the client application requests an access token that is associated with only the client application and the owner of the protected data being accessed. The access token is also associated with a limited scope that defines the kind of data the client application has access to (for example, "Manage your tasks"). An important goal for OAuth 2.0 is to provide secure and convenient access to the protected data, while minimizing the potential impact if an access token is stolen.

The typical work flow for OAuth 2.0 requests:

How Does Oauth 2.0 Work?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment