OAuth

It works by delegating user authentication to the service that hosts a user account and authorizing third-party applications to access that user account. OAuth 2 provides authorization flows for web and desktop applications, as well as mobile devices.


OAuth Roles

OAuth defines four roles:

Resource Owner: The resource owner is the user who authorizes an application to access their account. The application’s access to the user’s account is limited to the scope of the authorization granted (e.g. read or write access)

Client: The client is the application that wants to access the user’s account. Before it may do so, it must be authorized by the user, and the authorization must be validated by the API.

Resource Server: The resource server hosts the protected user accounts.

Authorization Server: The authorization server verifies the identity of the user then issues access tokens to the application.


Here is a more detailed explanation of the steps in the diagram:

1.The application requests authorization to access service resources from the user
2.If the user authorized the request, the application receives an authorization grant
3.The application requests an access token from the authorization server (API) by presenting authentication of its own identity, and the authorization grant
4.If the application identity is authenticated and the authorization grant is valid, the authorization server (API) issues an access token to the application. Authorization is complete.
5.The application requests the resource from the resource server (API) and presents the access token for authentication
6.If the access token is valid, the resource server (API) serves the resource to the application.

Application Registration
Before using OAuth with your application, you must register your application with the service. This is done through a registration form in the developer or API portion of the service’s website, where you will provide the following information (and probably details about your application):

1.Application Name
2.Application Website
3.Redirect URI or Callback URL







Comments

Post a Comment

Popular posts from this blog

Java 8 : Find the number starts with 1 from a list of integers

  List<Integer> list = List. of ( 12 , 32 , 14 , 15 , 56 ); //Result->12,14,15 List<String> listString = list.stream().map(String::valueOf).collect(Collectors.toList()); List<String> result1 = listString.stream().filter(x->x.startsWith( "1" )) .collect(Collectors.toList()); System. out .println( "result1-->" +result1); List<String> result2 = list.stream().map(x->x+ "" ).filter(x->x.startsWith( "1" )) .collect(Collectors.toList()); System. out .println( "result2-->" +result2);
Read more

Junit Mockito and Power Mockito

Mock vs Spy Both can be used to mock methods or fields. The difference is that  in mock, you are creating a complete mock or fake object while in spy, there is the real object and you just spying or stubbing specific methods of it . Mock vs InjectMock @Mock  creates a mock.  @InjectMocks  creates an instance of the class and injects the mocks that are created with the  @Mock  (or  @Spy ) annotations into this instance. Unit Testing Void Methods with Mockito and JUnit How to Test Void Methods  As we already know that our aim is to test void methods in a class. But it is also really important to understand why we test void methods.  Whenever we write unit test cases for any method, we expect a return value from the method. Generally, we use assert for checking if the method returns the value that we expect it to return, but in the case of void methods, they do not return any value. So how do we check if our method is functioning properly? Let’s...
Read more

Customized Immutable Class

Image
Java Immutable Class In Java, when we create an object of an immutable class, we cannot change its value. For example, String is an immutable class. Hence, we cannot change the content of a string once created. Besides, we can also create our own custom immutable classes. Here's what we need to do to create an immutable class. declare the class as final so it cannot be extended all class members should be private so they cannot be accessed outside of class shouldn't contain any setter methods to change the value of class members the getter method should return the copy of class members class members are only initialized using constructor. PROS - Immutable Object is Threadsafe. For Constant Value. Used as a HashMap Key. (String, Integer, all wrapper classes are immutable) Why Hashmap key should be immutable? Immutability allows you to get same hash code every time, for a key object. So it actually solves most of the problems in one go. Also, this class must honor the hashCode() ...
Read more