[CS] OAuth 2.0 Day-85

cptkuk91·2022년 3월 21일


목록 보기

The social login authentication method is implemented based on OAuth 2.0 technology.

Unlike the server that handles authentication directly, OAuth 2.0 is a method that mediates authentication. Protocol that simplifies the process of authorizing clients to access permitted information.

Web service(Github, Google, FB) replaces the user's authentication, after issuing token for access rights, authentication is possible on my server based on token.

  • Resource Owner : user in access.

  • Client : Clients are applications that access resources.

  • Resource server : Server that can accept and respond to client requests.

  • Authorization server : The server that issues the Resource Server Access Token.

  • Authorization grant : Access Token's credentials, including permissions.

  • Authorization code : This is the code required before the Access Token is issued.

  • Access token : Credentials used to access resources.

  • Scope : Token's permissions are defined.

Grant Type?

This is how the Client obtains an Access Token.

  • Authorization Code Grant Type

  • Refresh Token Grant Type

Authorization Code Grant Type

This is the most common method.

The authorization code procedure is enhancing security.

Order to be issued an Access Token, Client only receives the Code from the Authorization Code and requests the Access Token from the Server.

Refresh Token Grant Type

From the user's point of view, updating is cumbersome. Therefore, Refresh Token Grant Type allows users to maintain login without continuously reissuing Access Tokens.

Why use OAuth?

From the user's point of view, it is cumbersome to continue registering as a member when using each service. Therefore, if social login is possible, there is no need to memorize IDs and passwords one by one.

Social login logic

  1. Request Authorization Code (Client to OAuth)
  2. Grant Authorize Code through Redirect Uri (OAuth to Client)
  3. Pass Authorization Code (Client to Server)
  4. Request Access Token to Authorization Code (Server to OAuth)
  5. Grant Access Token (OAuth to Server)
  6. Pass Access Token (Server to Client)

메일은 매일 확인하고 있습니다. 궁금하신 부분이나 틀린 부분에 대한 지적사항이 있으시다면 언제든 편하게 연락 부탁드려요 :)

0개의 댓글