oAuth for Beginners - How oauth authentication🔒 works ?
HTML-код
- Опубликовано: 28 сен 2024
- 🔒 Understanding OAuth Authentication: Explained with Real Life Example
Get into a Cloud career with my AWS for Beginners course - bit.ly/46gSOVd
In this video, we dive into the world of OAuth authentication, a crucial aspect of modern web security. OAuth allows you to grant access to your resources without sharing your credentials directly. But how does it work, and what real-world scenarios demonstrate its importance?
🚀 In this tutorial, we break down OAuth concepts into simple terms and illustrate its functionality with a practical, real-life example. From social media logins to accessing APIs securely, OAuth plays a pivotal role in ensuring the integrity and security of your data.
👨💻 Join us as we demystify OAuth and showcase its significance in today's digital landscape. Whether you're a developer, security enthusiast, or simply curious about how online authentication works, this video is for you!
🎥 Watch now and enhance your understanding of OAuth authentication!
PLEASE WATCH OTHER VIDEOS FROM THE POPULAR PLAYLISTS GIVEN BELOW. EVERY SINGLE LIKE 👍, COMMENT 💬 AND SHARE ↗️MEANS THE WORLD TO ME!
#itkfunde #keeplearning #keepsharing #keephustling
▬▬▬▬Want to learn more 🚀 - Checkout below playlist ▬▬▬▬
1) Networking and Infra Concepts - bit.ly/3Ek59Mc
2) Latest technology tutorial (2022) - bit.ly/3KSCG2w
3) Google Cloud Platform Beginner Series - bit.ly/37qF3ef
4) Learn Data Engineering, Architecture & Analytics -bit.ly/3JV5HsR
5) Data & Cloud Basics - bit.ly/3jNuRiI
6) Tech & Life Vlogs (tLogs) - bit.ly/3rzkPpL
7) IT k Funde ( shorts ) - bit.ly/3Otn5su
8) Tech Talk with Anshul (TTWA) PODCAST - • Tech talks with Anshul...
▬▬▬ All My Social Handels 👋👉 linktr.ee/itkf... ▬▬▬▬▬
👉 RUclips - / itkfunde
👉 Facebook - / itkfunde
👉 Linkedin - / ansh9685
👉 Twitter - / ansh9685
👉 Instagram - / itkfunde
▬▬▬▬▬▬ About This Channel ❤️▬▬▬▬▬▬
Friends ITkFUNDE channel wants to bring I.T related knowledge, information, career advice, and much more to every individual regardless of whether he or she belongs to I.T or not. This channel is for everyone interested in learning something new!
Want to clarify that OAuth is primarily an authorization framework, not an authentication protocol. It enables secure access to resources without sharing user credentials. While authentication often occurs within the OAuth flow, it's not the core function.
Such a good explanation with a nice understandable example. You are making our life simple, thank you so much for your efforts.
Thankyou 🙏
very good and clear, I just checked this video for a specific information, even I know the concept. And I got the clear idea. Keep it up..
thanks u so much, i have never seen a clear explaination like this! great work!
Really a great, relatable example to make this concept more familiar. I appreciate it very much.
What is there in it for the providers by giving out this Oauth API access? How do Amazon make money by giving somebody access to another site?
I must say thats a fantastic question, from business perspective Google or Amazon knows that eventually users will end up using thier platforms if there is a dependency created like oAuth does. Secondly these giants needs user data insights for thier own business and letting other Apps use oAuth enable them to do so.
Very clear 👌
Thank you from France 🇫🇷
If I haven't watched this video I would never understand OAuth this well.
Please also make video on oauth grant types
what a explanation brother 👍👍👍👍 great !!!!!!!
Do you have a video on jwt as well?
Very nicely explained the concept.👍 Thanks bro. Keep up the good work!!⏫
Explained with clarity
Bhadiya Tha
thank you for this masterpiece 🙏
You are a genius bro
Thanks!
Excellent explanation.
oAuth :) Great way to login with high security.
Thanks
thank you for the info
excelent 🙂
Thanks
👌👌👌
❤️❤️❤️
step 11 be like : hn hn apna hi bnda hai dede jo mang rha 😂
Brown Richard Moore Larry Martin Charles
My brother!! Your examples are plain text. 😂
All the explanations Lack step 11
You are mixing the terms authentication and authorisation in this video.
How does exchange of authorization code enhance security, instead of directly exchanging the access token. What benefit does the authorization code provide..when we can directly get an access token through the implicit flow.
1. Reduced Exposure of Tokens
Authorization Code Flow: The access token is not exposed in the user-agent (browser) or returned directly to the client application via the front channel (e.g., as a URL fragment). Instead, the authorization code is obtained through the user-agent but must be exchanged for an access token using a back-channel request from the server. This means the access token is transmitted directly from the authorization server to the application server, never passing through the client's browser.
Implicit Flow: The access token is delivered directly to the user-agent, making it more susceptible to being exposed in URLs, browser history, logs, or potentially malicious scripts running in the browser.
2. Client Authentication
Authorization Code Flow: This flow allows the client (application) to authenticate itself to the authorization server when exchanging the authorization code for an access token. This is typically done using the client secret, which only the client and the authorization server know. This step significantly reduces the risk of tokens being issued to malicious parties.
Implicit Flow: There is no client authentication involved when obtaining the access token, which makes it less secure, particularly for applications that can maintain confidentiality (e.g., server-side applications).
3. Short-Lived Authorization Codes
Authorization Code Flow: The authorization codes are short-lived and can only be used once. If an authorization code is intercepted, it becomes useless once it's exchanged for an access token. This minimizes the window for potential misuse.
Implicit Flow: Since access tokens are directly issued, any interception gives immediate access to the attacker.
4. Possibility of Using Refresh Tokens
Authorization Code Flow: This flow supports the issuance of refresh tokens (depending on the authorization server's policy), allowing applications to obtain new access tokens without requiring the user to authenticate again. This is particularly useful for applications needing long-term access to a resource server without compromising security.
Implicit Flow: Typically, refresh tokens are not issued because of the security implications of having such tokens in a less secure environment (like a browser).
5. Secure Token Handling and Storage
Authorization Code Flow: Since the tokens are obtained via a back-channel and can be stored securely on the server, it mitigates common threats such as Cross-Site Scripting (XSS) or other attacks that could compromise tokens stored or handled client-side.
Implicit Flow: Tokens stored in the browser are more vulnerable to being stolen through XSS or other similar attacks.
The Authorization Code flow, by requiring an intermediate step (the exchange of the authorization code for an access token), adds a significant layer of security that protects both the resource owner and the client application. It is particularly suited for applications that can maintain the confidentiality of their credentials and for scenarios where token theft or leakage could lead to significant security risks. The Implicit flow, while simpler and more direct, is generally recommended only for clients that are unable to securely store credentials and where the access token has limited permissions and a short lifespan.
Young George Williams Jennifer Lee Eric
Your explanation is too good.
Could you please make a Video how authorization and authentication is working in web application.
How JWT is working, OAuth vs JWT.
Sir, your explaination is amazing, Plz make a video on SSO protocols like Oauth, LDAP, OpenID,SAML and their differences PLZ
Super sir....can u explain in this in code with full example
Very good and informative explanation sir. many thanks and appreciate your efforts to explain this topic in the most simple way.
Thanks Anish ❤️☺️
very well explained,, thnaks
Thank you For ur well explanation
Wah bhai kya mast Samjhaya apne❤
thank you
nice explanation
Explained very well👌
Good Video..Thank you.
Thanks, it is useful
lovely explanation
nice