OAuth Server

-

What is OAuth 2.0

OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and Google. It works by delegating user authentication to the service that hosts the user account and authorizing third-party applications to access the user account. OAuth 2 provides authorization flows for web and desktop applications, and mobile devices.

OAuth Roles

OAuth defines four roles:
  • Resource
  • OwnerClient
  • Resource Server
  • Authorization Server

How its woks

Here I have created the both authorization server and resource server in a single api in node.js.  and angular for the demo application.
First create a demo application in OAuth application setting in github.


To get the access code, use a GET request in the login page.





After successfully login page will redirect to http://localhost:4200/posts (call back URL) and it will shows the access token


Then server sends a POST call to generate access token.


Then we can call the GET request for get user information.


In the Demo Application it will show as below.


You can download the source code here and follow the steps in the repo to run the application.

Comments

Post a Comment

Popular posts from this blog

OrientDB Quick Guide

-
OrientDB is an Open Source NoSQL Database Management System, which contains the features of traditional DBMS along with the new features of both Document and Graph DBMS. It is written in Java. It can store 220,000 records per second. OrientDB installation file is available in two editions : Community Edition Enterprise Edition The main feature of OrientDB is to support multi-model objects, it supports different models like Document, Graph, Key/Value and Real Object. It contains a separate API to support all these four models. Document Model OrientDB uses the concepts such as classes, clusters, and link for storing, grouping, and link for storing, grouping, and analyzing the documents. Comparison between relational model, document model, and OrientDB document model. Relational Model Document Model OrientDB Document Model Table Collection Class or Cluster Row Document Document C...
Read more

Cron Expressions

-
Cron expressions are used to configure instances of CronTrigger, a subclass of org.quartz.Trigger. A cron expressions is a string consisting of six or seven subexpressions (fields) that describe individual details of the schedule. These fields, separated by white space, can contain any of the allowed values with various combinations of the allowed characters for that field. Table 1 Cron Expression Allowed Fields and Values Name Required Allowed Values Allowed Special Charaters Seconds Y 0-59 ,-*/ Minutes Y 0-59 ,-*/ Hours Y 0-23 ,-*/ Day of month Y 1-31 ,-*?/LWC Month Y 0-11 or JAN-DEC ,-*/ Day of week Y 1-7 or SUN-SAT ,-*?/LC# Year N Empty or 1970-2099 ,-*/ Example Cron expression can be as simple as * * * * ? * or as complex as 0 0/5 14,18,3-39,52 ? JAN,MAR,SEP MON-FRI 2002-2010 ...
Read more

Double Submit Cookies Pattern

-
Image
Cross-Site Request Forgery (CSRF) Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application. Cross-site Request Forgery(CSRF) protection via Double Submit Cookies Patterns. In this technique, we send a random value in both a cookie and as a request param...
Read more