Understanding Google OAuth 2 in a Simple Way

Introduction

This tutorial explains in simple terms how Google OAuth 2.0 works and why it is needed. Along the way, readers will also learn the difference between authentication and authorization. This matters because OAuth is an open standard for authorization. The last part discusses whether it is safe or not.

Why OAuth is needed

Today there are a huge number of websites on the internet, used by billions of people, and usage keeps growing quickly. You can play games online, resize images online and do many other things online. But if every person had to sign up separately on every website, it would be very tedious for users. It would also be difficult for each website to maintain data for every user in its own database. Now imagine that you need a particular website only for a short time, for example to resize an image; signing up is not something you would want to do. To handle such scenarios Google OAuth came into existence. It is an open standard for authorization over the internet that allows third party websites to log you in using your Facebook, Google or other large companies' credentials. Don't worry: as we proceed through the article, things will become clearer.

Authentication vs Authorization

As mentioned in the previous section, OAuth is an open standard for authorization. People often mistake it for authentication, so this section makes the difference clear. Authentication means proving that you are genuine. For example, suppose you are logging in to Facebook. Only if you enter the right credentials do you get access to your Facebook account. This process is called authentication. Authorization means you are allowing someone to use your things, and how much you allow is up to you. In simple words, authorization means giving someone permission to use your data. For example, suppose you have admin privileges, i.e. you are the owner of a house, and a guest comes to your house. You give him permission to use a room of your house. This is called authorization. In the same way, OAuth authorizes a third party website to use your data by seeking permission from you. If this is not yet clear, do not worry; it will become easier to understand as we proceed.

Working of OAuth 2.0

This is the most important part of this tutorial. I will explain the concept in a very simple way using the steps below.

Step 1: When a user tries to log in to the third party website (the consumer) using Facebook or Google, the third party website sends a request token to Facebook or Google. I will use Facebook as the example to make the concept clear. The request token helps Facebook know that the request is coming from a legitimate website. Along with the request token, a secret is also sent, which is used to prevent forgery.

Step 2: When the Facebook authentication server receives the request token, the user is redirected to a page that asks for permission to allow the third party website to access the user's Facebook data. The user can select which types of data may be shared. If you deny permission at this step, no further action is taken and the process is aborted. Just imagine guests come to your house and you refuse to let them stay. In such a situation, the guests cannot do anything.

Step 3: If you allow it, Facebook will generate an access token for you, which you will provide to the third party website (the consumer).

Step 4: The consumer (third party website) provides this token to the Facebook resource server and thereby gets the required data for the specific user.

Step 5: Now you are logged in to that website using your Facebook credentials. I hope everyone has understood the process. I also urge readers to look at the feature image, which will help you understand the concept better.
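The following is an added example, not code from the original article. It shows the consumer's side of steps 1 to 3 in the OAuth 2.0 authorization code flow as Google documents it, where the forgery protection is the `state` parameter and the user's approval comes back as a code that the consumer then exchanges for the access token. The function names, client ID and redirect URI are assumptions made for illustration.

```python
import secrets
from hmac import compare_digest
from urllib.parse import urlencode, urlparse, parse_qs

# Google's OAuth 2.0 authorization endpoint (the consent page of step 2).
GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"


def build_authorization_request(client_id, redirect_uri, scopes):
    """Step 1: return (url, state). The consumer keeps state in the user's session."""
    state = secrets.token_urlsafe(32)  # unguessable value, checked on the way back
    params = {
        "client_id": client_id,        # identifies the registered consumer
        "redirect_uri": redirect_uri,  # must match the URI registered with Google
        "response_type": "code",       # ask for an authorization code
        "scope": " ".join(scopes),     # which data the user is asked to share
        "state": state,
    }
    return GOOGLE_AUTH_ENDPOINT + "?" + urlencode(params), state


def handle_callback(callback_url, expected_state):
    """Steps 2 and 3: validate the redirect back to the consumer, return the code."""
    query = parse_qs(urlparse(callback_url).query)
    returned_state = query.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the callback was not started by us.
    if not compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "error" in query:  # the user clicked "deny" on the consent page
        raise PermissionError("authorization refused: " + query["error"][0])
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code


if __name__ == "__main__":
    # Constructed values for illustration only.
    url, state = build_authorization_request(
        "constructed-client-id.apps.googleusercontent.com",
        "https://consumer.example/callback",
        ["openid", "email"],
    )
    print(url)
    print(handle_callback("https://consumer.example/callback?code=abc&state=" + state, state))
```
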


Is it Safe or not

This is a very important section, and I am making it the conclusion of this discussion. It is important because if you use a technology, you must know whether it could be used to steal your information. There is a threat with this technology: suppose you click on login with Facebook and the third party website (consumer website) takes you to a malicious or phishing website instead of Google or Facebook. If you enter your credentials there, all of your information is lost. So be very careful when giving a third party website access to your data. One of the safety features that Google OAuth 2.0 brings is expiry of the access token. In OAuth 1.0 the access token does not expire, while in 2.0 it expires after some time, which is a good safety feature. I hope readers have enjoyed reading this small article. If you want to know more about us, please mail us at aisangamofficial@gmail.com or reach us on Skype at live:aisangamofficial. We are grateful that readers spared some time to read our article.
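The following is an added example, not code from the original article. It turns the two safety points above into checks: confirming that a login page is served from Google's real sign-in host rather than a lookalike, and treating an access token as unusable once its `expires_in` lifetime has passed. The function names, the 30-second safety margin and the sample values are assumptions made for illustration.

```python
import time
from urllib.parse import urlparse

# Hosts that serve the provider's real sign-in page; only Google's is listed here.
TRUSTED_LOGIN_HOSTS = {"accounts.google.com"}

# Constructed token response, shaped like the JSON a token endpoint returns.
SAMPLE_TOKEN = {"access_token": "constructed-token-value",
                "expires_in": 3599, "token_type": "Bearer"}


def is_trusted_login_url(url):
    """True only for https URLs whose exact host is a trusted sign-in host."""
    try:
        parts = urlparse(url)
        port = parts.port
    except ValueError:  # malformed host or port
        return False
    # hostname excludes any "user@" prefix and is lower-cased by urlparse,
    # so lookalikes that merely contain the trusted name do not match.
    return (parts.scheme == "https"
            and parts.hostname in TRUSTED_LOGIN_HOSTS
            and port in (None, 443))


def token_expiry(token_response, issued_at):
    """Absolute expiry time in epoch seconds, from the response's expires_in."""
    return issued_at + int(token_response["expires_in"])


def is_token_usable(token_response, issued_at, now=None, margin=30):
    """False once the token is within `margin` seconds of expiring."""
    now = time.time() if now is None else now
    return now < token_expiry(token_response, issued_at) - margin


if __name__ == "__main__":
    # Constructed URLs: the real host, then three lookalikes that must be rejected.
    for candidate in (
        "https://accounts.google.com/o/oauth2/v2/auth?client_id=x",
        "https://accounts.google.com.login.example/o/oauth2/v2/auth",
        "https://accounts.google.com@login.example/",
        "http://accounts.google.com/",
    ):
        print(is_trusted_login_url(candidate), candidate)
    print(is_token_usable(SAMPLE_TOKEN, issued_at=time.time()))
```
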
