Take a token and use it for the whole hour

OAuth2 Description

Brief introduction to OAuth2

OAuth2 is an authorization protocol designed to allow applications to access resources on behalf of a user without sharing the user's credentials. It is widely used for web, mobile, and desktop applications, providing a standardized way to manage access to APIs and user data.

How it works

  1. The client (application) is registered with the authorization server to obtain a client ID and client secret (service access provisioning).
  2. The client requests access to the desired resources from the authorization server, which issues an access token.
  3. The client can access the desired resources until the access token expires (e.g. after 15 minutes). The expiration time (exp, as a Unix timestamp) is available in the token payload together with the issue time (iat). Any JWT library should expose these claims, e.g. PyJWT (Python).

Differences from other authentication techniques, e.g. API keys

  • An OAuth access token provides enhanced security: tokens are short-lived and revocable, which reduces the risk of credential exposure.
  • An access token should be reused across multiple requests until it expires (according to its expiration time, e.g. 15 minutes).
  • The authorization server's token endpoint is a protected resource that can issue only a finite number of tokens.
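Reading exp and iat from the token (step 3 above) and reusing one token across requests until just before it expires (the reuse rule above), as an added Python example that is not part of this page. The page suggests PyJWT; this example parses the claims with the standard library only, and fetch / make_fake_token are constructed stand-ins for a call to the token endpoint.

```python
import base64
import json
import time
from typing import Callable, Optional

REFRESH_MARGIN = 30  # seconds before exp at which the client fetches a fresh token


def jwt_payload(token: str) -> dict:
    """Return the claims from the payload segment of a compact JWT.

    This parses only; it does NOT verify the signature. The client uses exp/iat
    just to schedule its own refresh; trusting the claims requires signature
    verification, which is the resource server's job.
    """
    segments = token.split(".")
    if len(segments) != 3:
        raise ValueError("not a compact JWS/JWT")
    payload = segments[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


class TokenCache:
    """Hand out one cached access token until shortly before its exp claim."""

    def __init__(self, fetch: Callable[[], str], now: Callable[[], float] = time.time):
        self._fetch = fetch  # hypothetical call to the token endpoint (injected)
        self._now = now      # clock, injectable so the behaviour can be tested
        self._token: Optional[str] = None
        self._exp = 0.0
        self.fetch_count = 0  # number of real calls made to the token endpoint

    def get(self) -> str:
        """Reuse the cached token; only hit the token endpoint when it is about to expire."""
        if self._token is None or self._now() >= self._exp - REFRESH_MARGIN:
            self._token = self._fetch()
            self.fetch_count += 1
            self._exp = float(jwt_payload(self._token)["exp"])
        return self._token


def make_fake_token(iat: int, lifetime: int = 900) -> str:
    """Constructed, unsigned JWT-shaped token standing in for the server's (15-minute lifetime)."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none'})}.{enc({'iat': iat, 'exp': iat + lifetime})}."
```

With a real client, fetch_count stays at one per token lifetime regardless of how many requests are made, which is exactly what keeps the rate-limited token endpoint out of the request path.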