Skip to content

Instantly share code, notes, and snippets.

@jmevans0211

jmevans0211/o-auth.md

Last active December 10, 2019 18:57
Show Gist options
  • Save jmevans0211/5fa2c4ebc447b175343a5d4e7f068c1d to your computer and use it in GitHub Desktop.
Save jmevans0211/5fa2c4ebc447b175343a5d4e7f068c1d to your computer and use it in GitHub Desktop.
Download ZIP
Raw
o-auth.md

O-Auth

Lesson: https://frontend.turing.io/lessons/module-4/oauth/index.html

Open-Authorization

  • open standard for implementing token-based authentication and authorization

The process of AUTHENTICATION answers the question "Who are you?"...

... while AUTHORIZATION answers the question: "What are you allowed to do?".

Tokens

The act of generateing a token to identify a user is considered the authentication "handshake".

Password Ant-Pattern

  • authentication "handshake" - generatign a token to identify a user

Checks for Understanding

What do we mean when we say something is an "Open Standard"?

  • "The term "open standard" is a little vague, but essentially describes a specification that is open to the public and free to be implemented by application developers."

What is the difference between authentication and authorization?

  • authentication refers to checking out the who. Who is authorized to access this data and is this user trying them? Authorization on the other hand refers to what is allowed to be done/accessed.

Describe the process of token-based authorization.

  • The process of authorized based tokens is first the client asks for an authorization token...

see diagram

How would you implement OAuth for an application that requires Twitter access?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment