OAuth 2.0 access tokens explained
HTML-код
- Опубликовано: 8 сен 2024
- Try it out at oauth.com/play... and sign up for a forever-free developer account at developer.okta...
Aaron's book: OAuth 2.0 Simplified amzn.to/2S6Uj4e
Check out our new video course! The Nuts and Bolts of OAuth 2.0
oauth2simplifi...
Sign up for our monthly newsletter! a0.to/zeroindex
Brilliant analogy and very well explained so everybody can understand it. Thanks for sharing.
Absolutely mind blowing, I can't recall if I've ever seen anything explained so beautifully on RUclips before. Thanks!
I was trying to think of a real world example to explain about OAUTH, your example is spot on and your explanation and correlation with the concept is awesome!! Great job and thanks for posting it!!
Great analogy. We need more brilliant educators like you
I just learned more in 3 minutes watching you than I did in 20 minutes watching other content. Thankyou for a clear concise explanation that had an amazing analogy!
Glad it was helpful!
This was literally the smoothest explanation I have seen so far! Thank you so much.
Nicely explained, This is the Authorization part for accessing the API
Very well explained. Now I will never forget this!
This is such a perfect analogy. THANK YOU
Thank you very well explained ! I am great at explaining anything to do with car engines and car parts but not good at understanding computers and how the programs work..i can use a laptop and work my way around but have some trouble understanding things such as URLs and tokens and so on.Thank you so much for taking the time to explain this ! You helped me so much !! Great Video very well explained , this really helps people like me who are not great with computers ..Hope to see more videos from you...!!
Your explanation is superb! What an underrated channel here on RUclips 😱
Perfect example. Thanks for posting
Very good analogy. Simple but clear explanation
Super.........and to the point ...helped in thinking more clearly about the auth process in OAuth
Brilliant analogy. Love the way you articulate the concept 👏👏
Amazing how you related access token with practical example.
Glad you think so!
@@OktaDev Your videos are amazing. Actually I am trying to implement oauth2 in one of my project using Springboot. However I don't find any videos related to the implementation. Could you please share few videos on the same
@@0sand1s31 I created a video last year on how to create an OAuth 2.0 resource server with Spring Boot. Maybe it'll help? ruclips.net/video/w-qKailh3WQ/видео.html
@@mraible Thank you. I will go through it.
Such an easy way to understand thanks a lot for ur knowledge sharing 🙏
A simple and clear explanation!
Clear as crystal 🔮 ,Thanks for sharing.
Very easy to understand and clearly delivered, thanks
Great analogy! Well done!
genius analogy!! Thanks a lot!!
Nice explanation man!
excellent explanation!!! Hotel key card. thanks.
Awesome simple explanation, thank you 🙏
It's a good explanation of the token. I thought you'll also explain a bit OAuth 2.0 though.
great explanation!! clear, simple and short!
At 2:30 you mentioned a "jot", is that how JWT is pronounced?
Yep it is! Sorry I should have clarified that!
@@aaronpk Ys. Im sured
Unfortunately yes. "jot" is arguably an oversimplification of JWT and probably slows communication long enough to lose any gained time of saying "jot" over "jay dub el you tee". Humans tend to reduce identifiers the more they're used, which is why "JSON Web Token" was reduced to "JWT" and then "jot". Since 9 in 10 people ask "what is a jot?" the first time they hear it, which causes, at minimum, a 10 second conversation that would have never happened otherwise, "jot" is arguably oversimplified. Gaining 0.5 seconds and losing 10 every time you say something is a net loss. Not to mention cryptic communication is always a poor choice (i.e. choosing a little-known, but slightly more effective word when a well-known, slightly-less effective word will do, always yields lower comprehension, and if your goal is comprehension, making that choice was, by definition, an error).
There is an adage "Make it as simple as possible, but not simpler", taking JWT to "jot" probably violates that, however, that's what humans tend to do, so the next time you invent a cool piece of technology, try to make sure it can be reduced to 3 letters and one syllable ahead of time; you'll save a lot of people from feeling dumb :)
Great explanation!🎉🎉🎉
Thank you! 😃
Great would like the same clear explanation for all the stuff before the access token.
Very nice, excellent analogy.
short...crisp....clear !!
Good explanation... Nice tshirt.
perfectly explained
Simply brilliant.
it is very simple
unless u understand it in coding.
🙂
Well understood
Great explanation!
excellent!
Amazing. Thank you!
Good explanation
Bro, you are a life saver 🔥
Just like you need to have the keycard in your hand and swipe it to get in, where does the access token need to go on, say, a GET request so that the resource server knows it is allowed to give me the info I ask for? Do I put the whole token string in the Authorization parameter of the header?
Brilliant analogy and very helpful for a non-IT person like me. Can sometimes these tokens/room keys for single-use? Do they usually have a validity period/lease time? Are these called Dynamic tokens?
cool, where refresh token may be in this analogy? maybe girl on reception that can give you a new access token if you lose yours if you show a statement about the payment of the hotel bill(this one is refresh token)
i was there in the first half.😅😅
How i get access token..?
Excellent!
it's so simple!!
Does anyone know what URL to enter that redirects the seller authorization to my production application? I don't get it.
Thanks a lot ....
Got the point!!
Tks sir 🤟
Do you have such video regarding OIDC.
Plz share a link
Hi,
May explain for me about after do call api refresh token to renewal access token, so current access token will being kept using or it will be expired if I use OAuth 2.0 flow.
i wonder if the OAuth has got the user ID in
When you say access-token, do you mean basic token or bearer. I assume it bearer. Then what is basic token in the hotel analogy?
I believe there is not basic token, there is basic auth which is sually base64urlencoded username:password, this gets you a JWT
How does one revoke an access token in OAuth2? Is it possible or should it be solved by having very short expirations of AccessToken?
But what foed API mean btw? I m a little less lost,but still a little...
Cool glasses
Access token are sent to Api to access resources over a front channel- which is less secure. Does it not defeat the purpose of OAuth calls over back channel between auth service and client server ,to make it more secure? Ultimately, we get the access token which can be hacked , just like the auth code , both being passed over front channel.
Would you please explain this, if I'm missing anything in this understanding.
Check out this livestream we did recently talking more about the front channel vs back channel: ruclips.net/video/uwbqqRA7wbI/видео.html
Access tokens are not sent to resource servers (APIs) in the front channel, they are sent in the back channel. That said, you are correct that if someone can steal an access token that is bad. It's the same as a hotel key, if you find one on the ground you can pick it up and try using it at all the doors.
So the user generates a hotel key for me to use :)
Whoever came up with the OAuth2 mechanism surely had the idea while checking in at a hotel. You can bet you bottom dollar.
Who is the audience in this metaphor?
Didn't help to resolve problem
Thank You! #KaiBuskirk #CodeLessWorkFlows
Walker Cynthia Robinson Sarah Young Eric
So I got a creator code
What is a bearer token ? Is it the same access token ?
Lee Sharon Thompson Sarah Martinez Dorothy
Lopez Margaret Clark John Williams Kimberly
Lewis Sandra Harris Donna Anderson Scott
Brown Joseph Harris Deborah Rodriguez Donna
Hall Linda Jones Donald Clark Gary
This guy seems like ai generated human.
This guy urgently needs a tutorial on visual aids to present complex ideas... Or he loves being in front of the camera...
Thank you. Example was good, but it felt like you were repeating same thing again and again all video.. Sorry 👎
Hall George Davis Lisa Moore Laura