Access Granted: Simplifying OpenID and OAuth

[Image: OpenID OAuth]
Introduction

Are you confused by OpenID and OAuth? These two can seem like secret superheroes with fancy names. But there’s no need to worry – in this article, we’ll break it down so you can understand their special powers!

OpenID and OAuth are widely used in the Microservices Architecture. To learn more about microservices, see the article Microservices Introduction.

First, every superhero needs an origin story…

OpenID was created in 2005 to allow simple, single sign-on across websites. So instead of separate logins for Facebook, Google, etc., you could use one OpenID login for all!

Next, in 2007 OAuth joined forces to add authorization capabilities. It allowed apps to access data in your accounts without you handing over your password.

Together they formed an unstoppable duo!

Now let’s break down what each one does

OpenID handles authentication – it verifies your identity. When you log in with your OpenID credentials, it checks who you are.

OAuth handles authorization – it governs what an app is allowed to access on your behalf. It grants apps limited access to your data without giving away the password. 🔐

Example

Imagine you are a user who decides to log into a task management website called TaskPro. Here’s a simplified sequence diagram that shows how OpenID and OAuth work together when you log in with your Google account:

The client sends a signup/login request; OpenID starts the flow, and the authorization token is granted by OAuth.

Here’s a brief explanation:

  1. User clicks login: A typical button click in the browser, initiating the flow.

  2. OAuth Request: TaskPro redirects the user to Google’s OAuth 2.0 endpoint, passing along the necessary query parameters like response_type, client_id, and scope.

  3. User Authentication: If the user is not logged in, Google will prompt them to enter their Gmail credentials.

  4. Consent Screen: Google displays a consent screen asking the user to grant TaskPro access to their information.

  5. Authorization Code: Google redirects back to TaskPro with an authorization code included as a query parameter on the redirect URI.

  6. Token Exchange: TaskPro makes a POST request to Google’s token endpoint, exchanging the authorization code for tokens.

  7. Tokens Provided: Google responds with a JSON payload containing the ‘access_token’ and ‘id_token’.

  8. TaskPro Login: TaskPro uses the ID Token to authenticate the user and establish a session.
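The steps above are the OpenID Connect "authorization code" flow layered on OAuth 2.0. The following is an added example, not code from the article or from Google, that walks the TaskPro side of the flow offline: it builds the step 2 redirect, checks the callback in step 5, and validates the ID token in step 8 before a session is created. The endpoint URL, client ID and redirect URI are placeholders, and the ID token is signed with HS256 and a shared secret purely so the check can run without a network; Google actually signs ID tokens with RS256 and publishes its keys at a JWKS URL, so a real client must verify against those.

```python
"""Added example: TaskPro's side of the Google login flow, simulated offline.
Assumptions (not from the article): endpoint, client id and redirect URI are
placeholders; the ID token is HS256-signed with a shared secret so the
validation runs without a network. Real Google ID tokens are RS256-signed
and must be verified against Google's published JWKS keys."""
import base64, hashlib, hmac, json, secrets, time
from typing import Optional
from urllib.parse import urlencode, urlparse, parse_qs

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"  # placeholder
CLIENT_ID = "taskpro-client-id.example"                          # placeholder
REDIRECT_URI = "https://taskpro.example/callback"                # placeholder
ISSUER = "https://accounts.google.com"

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# Step 2: build the redirect to the OAuth 2.0 endpoint. Besides response_type,
# client_id and scope, the request is bound to this browser session with
# `state` (CSRF protection) and `nonce` (ties the ID token to this login).
def build_auth_request(session: dict) -> str:
    session["state"] = secrets.token_urlsafe(16)
    session["nonce"] = secrets.token_urlsafe(16)
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid email profile",
        "state": session["state"],
        "nonce": session["nonce"],
    }
    return f"{AUTH_ENDPOINT}?{urlencode(params)}"

# Step 5: Google redirects back with ?code=...&state=... . Reject the callback
# unless `state` matches what this session issued.
def parse_callback(callback_url: str, session: dict) -> str:
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != session.get("state"):
        raise ValueError("state mismatch: possible CSRF or stale login")
    return query["code"][0]

# Step 8: validate signature and claims before the ID token is trusted.
def validate_id_token(id_token: str, session: dict, key: bytes,
                      now: Optional[float] = None) -> dict:
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # never accept "none" or an unexpected alg
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("token not issued to this client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != session.get("nonce"):
        raise ValueError("nonce mismatch: token replayed from another login")
    return claims

# --- Constructed stand-in for Google so the example runs offline -------------
FAKE_GOOGLE_KEY = b"constructed-demo-secret"  # constructed, demo only

def fake_google_id_token(nonce: str, exp: float, aud: str = CLIENT_ID) -> str:
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps({
        "iss": ISSUER, "aud": aud, "sub": "1234567890",
        "email": "user@example.com", "exp": exp, "nonce": nonce}).encode())
    sig = hmac.new(FAKE_GOOGLE_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def run_login_flow(now: float = 1_700_000_000.0) -> dict:
    session = {}
    build_auth_request(session)                                   # step 2
    callback = f"{REDIRECT_URI}?code=4/constructed-code&state={session['state']}"
    code = parse_callback(callback, session)                      # step 5
    # Steps 6/7: a real client POSTs `code` to the token endpoint and reads the
    # JSON reply; the stand-in hands back an id_token directly.
    token = fake_google_id_token(session["nonce"], exp=now + 3600)
    claims = validate_id_token(token, session, FAKE_GOOGLE_KEY, now=now)  # step 8
    return {"code": code, "user": claims["sub"], "email": claims["email"]}

if __name__ == "__main__":
    print(run_login_flow())
```

The two checks a practitioner most often sees missing are the `state` comparison on the callback and the `aud`/`nonce` checks on the ID token: without them, a login started by someone else, or a token minted for a different client, can be spliced into your session.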

Let’s do a quick recap

✅ OpenID = authentication

✅ OAuth = authorization

✅ OpenID logs you in across sites

✅ OAuth allows limited access to your data

Understanding these two can unlock the power of secure single sign-on in your apps!

Did this help explain OpenID and OAuth? Let me know if you have any other questions!

Mezo Code