I have been doing research on this OAuth concept and I am still very confused about this concept. One of my main questions is how does one register with a Google account or a Twitter account.
For example, let's say in order to register to my website, you must provide a Username/Password/Email/GroupName. If you register through my website, then you can provide those fields very easily. However, let's say the user wants to register through Google. How would those fields populate?
From my understanding, once you register with your Google credentials, you are redirected to a page on my website where you fill in the required fields. I am not sure if this is correct. Can anyone help me understand this more?
OAuth doesn't share password data but instead uses authorization tokens to prove an identity between consumers and service providers. OAuth is an authentication protocol that allows you to approve one application interacting with another on your behalf without giving away your password.
The OAuth 2.0 specification defines a delegation protocol that is useful for conveying authorization decisions across a network of web-enabled applications and APIs. OAuth is used in a wide variety of applications, including providing mechanisms for user authentication.
OAuth essentially allows the user, via an authentication provider that they have previously successfully authenticated with, to give another website/service a limited access authentication token for authorization to additional resources. Additionally, OAuth 2.0 is a framework, not a protocol (like version 1.0).
Basically OAuth works like this (depending on the version these points consist of multiple steps):
Using this access token you can then request the user's data from the provider. Typically the providers provide a call which you can use to ask for the user's email address, full name and a (provider-specific) user id, but that is not part of OAuth.
How you now use this information to handle that user as if he logged in to your site is then completely up to you. You probably want to create a new user object on your side each time you see a new user id.
There are a couple of basic concepts that need some clarity before one can understand how a new user registration happens using OAuth2. These are:
For new user registration, you will follow the same sequence of the client app requesting authorization to be granted access to the resources. This will trigger a login page, the user logs in, an authorization code is created (by the IdP) and sent back to the client app. The client app exchanges this code for an access token (some encryption signing is involved, read up on the documentation - basically allowing the client app to prove its own identity).
This access token is then used to request access to resources - in this case, the new user profile. This could be name, email, picture etc. Use this to create a new row in your client app's profile database. A new user account is created.
Then for subsequent logins, the client app will use this access token to validate its life with the Google Auth server - and then create a local session/cookie to login the user.
Hope this is clear.
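The sequence the answers above describe (redirect to the IdP, callback with a code, exchange for a token, fetch the profile, find-or-create a local user) as an added Python example; this is not code from the question or any answer, and the endpoint URLs, client id and the `exchange_code`/`fetch_profile` callables are assumptions standing in for the provider's real token and userinfo calls.

```python
import secrets
from urllib.parse import urlencode

# Constructed sample configuration; a real deployment reads these from config.
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://example.invalid/oauth/callback"
AUTHORIZE_URL = "https://accounts.example.invalid/o/oauth2/auth"


def build_authorization_url(session: dict) -> str:
    """Step 1: build the redirect that sends the user to the IdP's login page.
    The random 'state' is stored in the server-side session so the callback
    can be matched to the request that started it (rejects forged callbacks)."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid email profile",
        "state": state,
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def handle_callback(session: dict, query: dict, exchange_code, fetch_profile, users: dict) -> dict:
    """Step 2: the IdP redirects back with ?code=...&state=... .
    Validate state (single use), swap the code for a token, fetch the profile,
    then find-or-create the local user row keyed by provider + provider user id."""
    expected = session.pop("oauth_state", None)  # pop: a state is valid once
    if not expected or not secrets.compare_digest(expected, query.get("state", "")):
        raise PermissionError("state mismatch: callback did not originate from our redirect")
    if "code" not in query:
        raise ValueError("authorization server returned no code")
    token = exchange_code(query["code"])  # hypothetical: POST code to the token endpoint
    profile = fetch_profile(token)        # hypothetical: GET the userinfo endpoint
    key = ("google", profile["sub"])      # 'sub' is the provider's stable user id, not email
    if key not in users:                  # first login == registration
        users[key] = {
            "username": profile["email"],
            "email": profile["email"],
            "name": profile.get("name"),
            "group": None,                # not supplied by the IdP; collect on a follow-up form
        }
    session["user"] = key                 # local session for subsequent requests
    return users[key]
```

The `group` field stays empty on purpose: anything the provider does not return has to be asked for on your own page after the callback, which is the redirect-to-a-form step the question describes.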