OAuth is a feature that enables websites and web applications to request some amount of data from a user’s account registered on another application. It is useful because it lets an application fetch the user’s data from another application without exposing the user’s login credentials. The user has to agree to share the data with the requesting web application.
Three distinct parties are required to complete the OAuth process:
- Client application: the website or web application that requests the user’s data.
- Resource owner: the user who owns the data that the client application wants to fetch.
- OAuth service provider: the resource handler that holds the user’s data. It provides the OAuth service by exposing an API for connecting to its servers and fetching the user’s data.
STAGES OF OAUTH
- The client application requests access to part of the user’s data, indicating which grant type and level of access it requires.
- The user is asked to log in to the OAuth service and grant access to the requested information.
- The client application is given a unique access token that proves the user’s permission to view the requested data. How this step works depends on the grant type specified by the client application.
- This access token is used by the client application to make API calls to the resource server, retrieving the necessary data.
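The four stages above, traced in code as an added example that is not part of the original page. It assumes the authorization code grant and models all three parties in memory; the class and function names, the URLs and the user record are constructed for illustration.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

def query(url):  # URL query string as a flat dict
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}

class OAuthProvider:
    """Toy OAuth service provider: holds the user's data and issues tokens."""
    def __init__(self):
        self.data = {"alice": {"email": "alice@example.test", "contacts": ["bob"]}}  # constructed
        self.codes, self.tokens = {}, {}

    def authorize(self, url, user, consent):
        """Stage 2: the user logs in here, not at the client, and decides."""
        q = query(url)
        if not consent:
            return q["redirect_uri"] + "?" + urlencode({"error": "access_denied", "state": q["state"]})
        code = secrets.token_urlsafe(16)
        self.codes[code] = (q["client_id"], user, set(q["scope"].split()))
        return q["redirect_uri"] + "?" + urlencode({"code": code, "state": q["state"]})

    def token(self, code, client_id):
        """Stage 3: swap the single-use code for an access token."""
        issued_to, user, scope = self.codes.pop(code)  # pop: a code works once
        if issued_to != client_id:
            raise PermissionError("code was issued to another client")
        access_token = secrets.token_urlsafe(24)
        self.tokens[access_token] = (user, scope)
        return access_token

    def api(self, access_token, field):
        """Stage 4: return only data covered by the token's scope."""
        user, scope = self.tokens[access_token]
        if field not in scope:
            raise PermissionError("token lacks scope " + field)
        return self.data[user][field]

def run_flow(provider, consent=True):
    """Client application: stage 1 request, then handle the redirect back."""
    state = secrets.token_urlsafe(8)  # ties the response to this request
    url = "https://provider.test/auth?" + urlencode({
        "response_type": "code", "client_id": "client-app", "scope": "email",
        "redirect_uri": "https://client.test/cb", "state": state})
    cb = query(provider.authorize(url, "alice", consent))
    if cb.get("state") != state:
        raise ValueError("state mismatch")
    return provider.token(cb["code"], "client-app") if "code" in cb else None
```

The client never handles the user’s password, and the token it receives reads only the `email` field the user consented to share.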