OAuth Simplified

OAuth 2.0 is an authorization protocol that applications can use to access each other's data. A common scenario that you have all seen is logging in to a website using your Facebook or Google account. In this article we will look at the OAuth 2.0 protocol, which was released in October 2012. It is much simpler than its previous version, 1.0, because 1.0 involves certificates, which were removed from 2.0. The OAuth protocol has the following participants: Resource Owner, Resource Server, Client Application, and Authorization Server.

The Resource Owner can be a user or an application that has data which can be shared with other applications. For example, a user on Facebook or Google can be considered a Resource Owner, and their profile or account data can be considered the resource. The Resource Server is the application that stores the resource; Facebook and Google can be considered Resource Servers. The Client Application is the application that requests access to resources. Lastly, the Authorization Server is the server for …