Introduction to OAuth 2.0 for beginners

Hugojose14
2 min read · Apr 11, 2023


Concepts that you need to know

Authentication: verifies the identity of a user or service.

Authorization: determines their access rights.

API: the interface through which we reach the resource we wish to access (for example SOAP or REST).

Resource: data, for example images, files, services, etc.

OAuth 2.0 is a framework and protocol that defines the forms, rules and means by which a resource (data) may be accessed.

JWT: JSON Web Token is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.

Bearer: bearer tokens are a much simpler way of making API requests. As RFC 6750 (linked below) defines them, any party in possession of the token can use it; no proof of possession is required, so the token itself must be kept secret.

[Figure: example with a trusted client]

[Figure: example with a malicious client]

In the first example we trust the client. In the second case a malicious client reaches our endpoint, and we still hand over the data, because we have no mechanism that controls access to it. So the big question is: do we trust all our clients?

To build such a mechanism, the idea is that every client that wants to access the resource (data) must present an authorization token that proves it has permission to access that data.

[Figure: example with OAuth 2.0]
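To make the three pictures concrete, here is a small added example (not code from the post) that plays both roles: an authorization server that issues a signed JWT bearer token, and a resource server that only hands out the "images" resource to a request carrying a valid token. The issuer URL, audience, shared secret, scope name and image list are constructed for the example; a real deployment would use a managed secret or asymmetric keys and a proper JWT library. It goes slightly beyond the post by also checking expiry, audience and scope, which a resource server must do in practice.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed values for this example (hypothetical, not from the post).
ISSUER = "https://auth.example"                       # the authorization server
AUDIENCE = "https://api.example"                      # identifies this resource server
SECRET = b"example-shared-secret-not-for-production"  # shared by issuer and resource server
IMAGES = ["cat.png", "dog.png"]                       # the protected resource


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(client_id: str, scope: str, ttl: int = 300, now: Optional[int] = None) -> str:
    """Authorization server: mint an HS256-signed JWT for a client that already proved who it is."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "sub": client_id, "aud": AUDIENCE,
              "scope": scope, "iat": now, "exp": now + ttl}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    signature = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(signature)


def verify_token(token: str, now: Optional[int] = None) -> Optional[dict]:
    """Resource server: return the claims if the token is genuine and current, otherwise None."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        # Accept only the algorithm we issue with; "none" or a swapped alg is rejected.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
        # Constant-time comparison; any edited or forged token fails here.
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None
        claims = json.loads(_b64url_decode(p))
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return None
    if not isinstance(claims, dict):
        return None
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        return None
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None
    return claims


def handle_request(headers: dict, now: Optional[int] = None) -> Tuple[int, dict]:
    """The protected endpoint: returns (status, body) for a request with an optional Authorization header."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, {"error": "missing bearer token"}  # client never obtained a token
    claims = verify_token(auth[len("Bearer "):], now)
    if claims is None:
        return 401, {"error": "invalid_token"}         # forged, tampered or expired
    if "images:read" not in claims.get("scope", "").split():
        return 403, {"error": "insufficient_scope"}    # genuine token, wrong permission
    return 200, {"client": claims["sub"], "images": IMAGES}


def tampered_token(token: str, new_claims: dict) -> str:
    """Build a token whose claims were edited without the secret (signature left unchanged)."""
    h, _p, s = token.split(".")
    return h + "." + _b64url(json.dumps(new_claims, separators=(",", ":")).encode()) + "." + s


if __name__ == "__main__":
    good = issue_token("trusted-app", "images:read", now=1000)
    print(handle_request({"Authorization": "Bearer " + good}, now=1100))  # trusted client: 200
    print(handle_request({}, now=1100))                                    # no token: 401
    bad = tampered_token(good, {"sub": "evil", "scope": "images:read", "exp": 9999999999})
    print(handle_request({"Authorization": "Bearer " + bad}, now=1100))   # edited claims: 401
    print(handle_request({"Authorization": "Bearer " + good}, now=1400))  # expired: 401
```

The first request is the trusted-client picture; the second and third are the malicious-client picture, now answered with 401 instead of the data; the last shows why tokens carry an expiry. The fixed `now` values keep the run deterministic.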

Conclusion

If you need to make sure that not just any client can reach your resource, and you want to protect that resource, OAuth 2.0 is a good alternative: malicious clients will try to access your resource, and without protection any client will be able to. So OAuth 2.0 is a good choice.

Thank you for reading!

https://www.rfc-editor.org/rfc/rfc6750#:~:text=Terminology%20Bearer%20Token%20A%20security,proof%2Dof%2Dpossession)
