It’s not uncommon for people to use a variety of websites for various purposes. Web users may use one site to store, organize and share their digital photos. They may use another site to access and manage their bank accounts. Users may use another site to upload videos. Over the years, the internet has become populated with a wide variety of excellent web applications. Now is the time to enhance the user experience by making it easy to share information between those separate websites. That is where the OAuth standard comes in handy, increasing the ease and security of data sharing between distinct websites.
OAuth General Overview
Most of us have accounts on websites where we upload and store various things like videos, photos, contact lists, bank accounts and other files. In OAuth terminology, these are called “private resources”. There are quite a few occasions where it comes in handy to be able to share your private resources from one website with another, like for use by various social networking sites for example. Traditionally, if you wanted to share the resources you have stored with one site with another website, you’d have to expose your user name and password credentials, which opens you up to some security risks.
OAuth is a technology designed to allow you to share your “private resources” between websites (or web applications) without having to disclose your personal information. According to Oauth.net, it allows the user on one site to access their private resources on another site.
When a website asks you to register for an account, you usually have to enter a username and password. This information is stored in a database table and when you revisit the site and enter your login information, it checks to make sure the username you entered matches the associated password. This adds some security, but what if someone was eavesdropping on that transaction? If someone acquires your login credentials, then they can easily access your account information. In computer security terminology, they can perform what are called “replay attacks”, which in this context, simply means they could “replay” the same request you made to gain access to your account. An OAuth token prevents this type of scenario by using a secure “token” that can be used instead of your personal credentials to access “private resources” stored with various websites.
What Is A Secure Token Id?
A token is usually a unique string of letters and numbers (although technically, it can be other characters). These tokens can allow users to authenticate their identity and allow access to specified resources from another website.
Introduction – Oauthn