Week 18 - Session 1 - User Authentication - OAuth 2.0

blog image source
OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and Google. It works by delegating user authentication to the service that hosts the user account and authorizing third-party applications to access the user account. OAuth 2 provides authorization flows for web and desktop applications, and mobile devices.

OAuth2 defines 4 roles :
  • Resource Owner: generally yourself.
  • Resource Server: server hosting protected data (for example Google hosting your profile and personal information).
  • Client: application requesting access to a resource server (it can be your PHP website, a Javascript application or a mobile application).
  • Authorization Server: server issuing access token to the client. This token will be used for the client to request the resource server.
There are 4 separate modes of AuthO, which are called grant types. Each mode serves a different purpose and is used in a different way. Depending on what type of service you are building, you might need to use one or more of these grant types to make stuff work.

 The Authorization Code Grant Type; used on web servers. You’ll want to use the authorization code grant type if you are building a web application with server-side code that is NOT public. If you want to implement an AuthO flow in a server-side web framework like Express.js, Flask, Django, Ruby on Rails, an Authorization Code is the way to go.

 The Implicit Grant Type; used for client-side web applications (like React.js or Angular.js) that don’t have a server-side component — or any sort of mobile application that can use a mobile web browser. Implicit grants are ideal for client-side web applications and mobile apps because this grant type doesn’t require you to store any secret key information at all — this means you can log someone into your site/app WITHOUT knowing what your application’s client_secret is.

 The Password Credentials Grant Type; used for first-class web applications OR mobile applications. This is ideal for official web and mobile apps for your project because you can simplify the authorization workflow by ONLY asking a user for their username and password, as opposed to redirecting them to your site, etc.

 The Client Credentials Grant Type; used for application code. You’ll want to use the client credentials grant type if you are building an application that needs to perform non-user related tasks. For instance, you might want to update your application’s metadata.

 Auth0 - https://auth0.com/
Passwordless Authentication with React and Auth0 - https://medium.com/javascript-scene/passwordless-authentication-with-react-and-auth0-c4cb003c7cde

Popular posts from this blog

Week 9 to 12 - Learning with MCR Codes

Image
My experience with  @MCRcodes   as a Quality Assurance Tester.  This is an evening part-time coding boot camp based in central Manchester which runs for 24 weeks, from February 2018 to July 2018. Week 9 (April 2018) - After spending two decades using the internet, I finally have an understanding how it works now, and the communication between the server and the client. Nice to create and run a simple server using Express and I now know what API actually means now, I think. Really appreciate how amazing and powerful the npm  package manager really  is, and looking forward to installing other future packages.  We have now started our back-end programming journey. Session 1 -  The Internet, the Web, HTTP Session 2 -  Web APIs & Express Week 10 - Really enjoying creating and reading test units for server assignments. Additionally, learning s ynchronous/a synchronous programming has been a tease.   Unfortunately, I was unable to attempt few classes due to unplanned c
Read more

Week 8 - Session 1 - JavaScript in the Browser

Image
blog image source HTML document as a nested set of boxes. Tags such as <body> and </body> enclose other tags, which in turn contain other tags or text. There is an object, which we can interact with to find out things such as what HTML tag it represents and which boxes and text it contains. This representation is called the Document Object Model, or DOM for short. The global binding document gives us access to these objects. Its documentElement property refers to the object representing the <html> tag. Since every HTML document has a head and a body, it also has head and body properties, pointing at those elements. When a web page is loaded, the browser creates a Document Object Model of the page, which is an object oriented representation of an HTML document, that acts as an interface between JavaScript and the document itself and allows the creation of dynamic web pages: JavaScript can add, change, and remove all of the HTML elements and attributes in the page
Read more

Week 9 - Session 1 - The Internet, the Web, HTTP

Image
blog image source The internet, a worldwide network of computer networks, a llows transfer of information between networks, and the information is transferred using the internet protocol suite (IP/TCP). One of the most commonly used services on the internet is the world wide web (www). A primary mode of transferring data (resources) over the internet for billions. The application protocol that makes the web work is hypertext transfer protocol. blog image source As web developers, we are mainly interested in HTTP,  a protocol that web browsers and web servers use to communicate with each other over the Internet.  The Hypertext Transfer Protocol (HTTP) is designed to enable communications between clients and servers. HTTP works as a request-response protocol between a client and server. A web browser may be the client, and an application on a computer that hosts a website may be the server. How does the Internet work? -  https://developer.mozilla.org/en-US/docs/Learn/Common_
Read more