2013/11/16

Introduction to OAuth

Background

While I was dealing with the Guildwars2 (umm, it is a nice game :D) web API, I found that they are going to evolve their API with OAuth. So, I am really wondering what OAuth is and what it can do.

So... what is OAuth?

According to the definition on their page, it is a new protocol that aims to provide an efficient way to control web-application access rights. In other words, web-applications can ONLY access what you have granted them.

Conceptually, it defines three entities: Users (you and me), Consumers (web-applications) and Service Providers (e.g. Twitter).
Overview of OAuth

The diagram on the left-hand side is what I got after digesting the data on the OAuth webpage. The ultimate goal of Consumers is to get protected resources, which are managed by the Service Provider.

Before OAuth, a web-application might ask for the User's credentials in order to achieve the above goal.

This is not a good approach, since web-applications can do whatever they want once they have your credentials.

That is why OAuth was introduced. With the help of the token concept, every access must be granted by the Service Provider and the User, without the Consumer ever learning the User's credentials.
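To make the token idea concrete, here is an added example (not code from this post or from the OAuth specification): a small Python simulation in the post's OAuth 1.0 vocabulary, where the User logs in at the Service Provider and grants a token, and the Consumer then signs its API calls with HMAC-SHA1 the way OAuth 1.0a does, holding only its own secret and the token pair. The consumer key "gw2-dashboard", the secrets, the user "alice" and the host sp.example are constructed placeholders; the request-token step and the nonce/timestamp replay check are left out to keep it short.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import quote

def pct(s):
    return quote(str(s), safe="-._~")  # OAuth percent-encoding: RFC 3986 unreserved set only

def oauth_signature(method, url, params, consumer_secret, token_secret=""):
    # HMAC-SHA1 over the OAuth 1.0a signature base string. The key joins the Consumer
    # secret and the token secret, so the User's password never enters the picture.
    normalized = "&".join(f"{pct(k)}={pct(v)}" for k, v in sorted(params.items()))
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

class ServiceProvider:
    def __init__(self):
        self.consumers = {"gw2-dashboard": "cs3cr3t"}   # constructed Consumer registration
        self.passwords = {"alice": "hunter2"}           # constructed; known only to the SP
        self.resources = {"alice": ["Thief", "Guardian"]}
        self.tokens = {}                                # access token -> (token secret, user)
    def authorize(self, consumer_key, user, password):
        # The User logs in at the Service Provider and grants the Consumer access.
        # The Consumer receives only the resulting token pair, never the password.
        if self.passwords.get(user) != password or consumer_key not in self.consumers:
            raise PermissionError("login failed or Consumer not registered")
        token, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.tokens[token] = (secret, user)
        return token, secret
    def revoke(self, token):
        self.tokens.pop(token, None)  # the User withdraws a grant without changing a password
    def characters(self, method, url, params):
        # Protected resource: served only for a request signed with a granted, unrevoked token.
        if params.get("oauth_token") not in self.tokens or params.get("oauth_consumer_key") not in self.consumers:
            raise PermissionError("unknown Consumer, or token not granted / revoked")
        secret, user = self.tokens[params["oauth_token"]]
        unsigned = {k: v for k, v in params.items() if k != "oauth_signature"}
        expected = oauth_signature(method, url, unsigned, self.consumers[params["oauth_consumer_key"]], secret)
        if not hmac.compare_digest(expected, params.get("oauth_signature", "")):
            raise PermissionError("signature does not match")
        return self.resources[user]

def consumer_fetch(sp, consumer_key, consumer_secret, token, token_secret):
    # The Consumer signs its API call holding only its own secret and the token pair.
    url = "https://sp.example/v1/characters"
    params = {"oauth_consumer_key": consumer_key, "oauth_token": token,
              "oauth_signature_method": "HMAC-SHA1", "oauth_nonce": secrets.token_hex(8),
              "oauth_timestamp": "1384560000", "oauth_version": "1.0"}
    params["oauth_signature"] = oauth_signature("GET", url, params, consumer_secret, token_secret)
    return sp.characters("GET", url, params)
```

Run `sp.revoke(token)` after a successful fetch and the same signed request is refused, which is the control the User gains over the Consumer without sharing a password.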

Flow chart from OAuth showing how it works
