In this blog post I will describe how you can use OAuth 2.0 to build a simple web application that displays some of your GitHub profile statistics.
A bit about OAuth
OAuth began with Twitter's OpenID implementation in 2006. The OAuth discussion group was created in April 2007. DeWitt Clinton from Google learned of the OAuth project and expressed his interest in supporting the effort. In July 2007, the team drafted an initial specification. Eran Hammer joined and coordinated the many OAuth contributions, creating a more formal specification. On December 4, 2007, the OAuth Core 1.0 final draft was released.
OAuth2.0
This version was released in 2012. OAuth 2.0 is not backward compatible with OAuth 1.0, and it provides specific authorization flows for web applications, desktop applications and mobile phones. The Facebook Graph API can be identified as a major application of OAuth 2.0.
How it works
Following are the main roles in an OAuth flow.
- Client Application: The application that needs to access the user's resources on the resource server.
- Authorization Server: Verifies the identity of the user and issues the access token to the application.
- Resource Server: Hosts the user accounts.
- Resource Owner: User who authorizes the third-party application to access their account.
As the above flow describes, before accessing the protected resources the client application needs to send two specific requests: one to obtain the authorization grant and one to obtain the access token. The authorization grant type depends on the method the application uses to request authorization and on the grant types the API supports. OAuth 2.0 supports four grant types:
- Client Credentials: Used with application API access.
- Resource Owner Password Credentials: Used with trusted applications, such as those owned by the service itself.
- Implicit: Used with mobile or web applications.
- Authorization Code: Used with server-side applications.
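The two requests described above, written out for the Authorization Code grant against GitHub, as an added example that is not part of the original post or of the linked repository. The authorize and access_token endpoints are GitHub's documented OAuth 2.0 endpoints; the client id, client secret, redirect URI and the callback URL are constructed placeholders. The example also shows the check a server-side client must do that the flow description leaves implicit: the `state` value sent with the first request has to come back unchanged with the authorization code, otherwise the callback may be carrying a code the application never asked for (a login CSRF). The token exchange is wired through a fake "server" so the script runs offline; swap `fake_token_server` for `urllib.request.urlopen` to talk to GitHub.

```python
"""Authorization Code flow helpers for a GitHub-backed web app (added example)."""
import hmac
import io
import json
import secrets
import urllib.request
from urllib.parse import parse_qs, urlencode, urlparse

# GitHub's OAuth 2.0 endpoints (documented by GitHub; not taken from the post).
AUTHORIZE_URL = "https://github.com/login/oauth/authorize"
TOKEN_URL = "https://github.com/login/oauth/access_token"
PROFILE_URL = "https://api.github.com/user"   # resource server: the user's profile


def generate_state() -> str:
    """Unguessable per-login value stored in the user's session; it lets the
    callback handler reject authorization codes it never requested (CSRF)."""
    return secrets.token_urlsafe(32)


def build_authorize_url(client_id: str, redirect_uri: str, scope: str, state: str) -> str:
    """Request 1: the browser is sent here so the authorization server (GitHub)
    can authenticate the resource owner and ask for consent."""
    params = {"client_id": client_id, "redirect_uri": redirect_uri,
              "scope": scope, "state": state, "response_type": "code"}
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def state_matches(received: str, expected: str) -> bool:
    """Constant-time comparison so the check leaks no timing information."""
    return bool(received) and hmac.compare_digest(received, expected)


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Validate the redirect back from GitHub and return the authorization code.
    Raises ValueError if GitHub reported an error, the state does not match the
    value stored in the session, or no code is present."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError(f"authorization denied: {query['error'][0]}")
    if not state_matches(query.get("state", [""])[0], expected_state):
        raise ValueError("state mismatch: possible CSRF, discarding code")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carried no authorization code")
    return code


def build_token_request(client_id: str, client_secret: str, code: str,
                        redirect_uri: str) -> urllib.request.Request:
    """Request 2: server-to-server exchange of the one-time code for an access
    token. The client secret is used here only and never reaches the browser."""
    body = urlencode({"client_id": client_id, "client_secret": client_secret,
                      "code": code, "redirect_uri": redirect_uri}).encode()
    # The Accept header asks GitHub for a JSON body instead of form-encoded text.
    return urllib.request.Request(TOKEN_URL, data=body, method="POST",
                                  headers={"Accept": "application/json"})


def exchange_code(request: urllib.request.Request, opener=urllib.request.urlopen) -> str:
    """Send the token request and return the access token from the JSON reply."""
    with opener(request) as resp:
        payload = json.loads(resp.read().decode())
    if "access_token" not in payload:
        raise ValueError(f"token exchange failed: {payload.get('error', 'unknown')}")
    return payload["access_token"]


def build_profile_request(access_token: str) -> urllib.request.Request:
    """Call the resource server with the bearer token to read profile statistics."""
    return urllib.request.Request(PROFILE_URL, headers={
        "Authorization": f"Bearer {access_token}", "Accept": "application/vnd.github+json"})


def fake_token_server(request: urllib.request.Request) -> io.BytesIO:
    """Constructed stand-in for GitHub's token endpoint so the demo runs offline."""
    assert request.full_url == TOKEN_URL
    return io.BytesIO(b'{"access_token": "gho_constructed_token", "token_type": "bearer"}')


if __name__ == "__main__":
    # Placeholder credentials; a real app loads these from configuration.
    client_id, client_secret = "CLIENT_ID_PLACEHOLDER", "CLIENT_SECRET_PLACEHOLDER"
    redirect_uri = "https://example.invalid/callback"
    state = generate_state()
    print("1. redirect user to:", build_authorize_url(client_id, redirect_uri, "read:user", state))
    # Constructed callback, as the browser would deliver it after consent.
    callback = f"{redirect_uri}?code=constructed_code_123&state={state}"
    code = parse_callback(callback, state)
    token = exchange_code(build_token_request(client_id, client_secret, code, redirect_uri),
                          opener=fake_token_server)
    print("2. access token obtained:", token)
    print("3. profile request:", build_profile_request(token).full_url)
```

The `redirect_uri` is sent with both requests; the authorization server compares it against the value registered for the client, so an attacker cannot have codes delivered to a URL of their choosing. Store `state` server-side in the session rather than in a cookie the browser can be tricked into replaying.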
Implementation
Repository: https://github.com/ntbandara3/OAuth-2.0-SSD-Assignment