
OAuth - Open Authorization basics

In this blog, we’ll explore the basic concept of OAuth, beginning with the reason behind its name, “OAuth.”


O - Open - an open standard adopted by major providers (Google, Microsoft, Facebook, GitHub, etc.)

Auth - Authorization - granting access (authorization) to resources without sharing your credentials with the application that requests them.


When accessing certain websites or mobile applications, you may notice options such as “Login with Google” or “Login with Facebook.” These login methods are built on the OAuth protocol. In essence, the website is saying that it will not authenticate you directly; instead, it delegates that task to a trusted third party, such as Google or Facebook, where you already have an account. This delegation streamlines the login process by reusing the credentials you already hold with an established provider.


But what is actually happening behind the scenes? Let's look at the flow in detail, step by step.


OAuth sequence diagram

  1. The user visits the website and clicks the sign-up option.

  2. The website shows OAuth login options such as Login with Google or Login with Facebook.

  3. The user selects an OAuth provider.

  4. The website redirects the browser to the selected OAuth provider. This is referred to as delegation.

  5. The OAuth provider shows a consent screen listing the user information the website wants to use, and asks for your consent so that the provider can share that information with the website after a successful login.

  6. After the user gives consent, the OAuth provider approves the login request and provides the selected user information to the website. Examples of user information are the username, photo and email address.

  7. The OAuth provider redirects the browser back to the website to establish the authenticated session. The OAuth provider also shares details such as an ID Token, an access code and a Refresh Token.


After this, the website treats the user as a valid user and allows them to access the site.
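The steps above as a runnable simulation, added here and not part of the original post: a hypothetical website builds the redirect of step 4, a simulated provider records the consent of steps 5 and 6 and redirects back with a single-use code, and the website redeems that code for the tokens of step 7. It also shows two checks the flow depends on that the post does not cover, a `state` value the website issued and a PKCE verifier; every endpoint and identifier is constructed.

```python
import base64, hashlib, secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed identifiers for a hypothetical website and provider; not real endpoints.
CLIENT_ID = "example-site"
REDIRECT_URI = "https://site.test/callback"
AUTHORIZE_URL = "https://provider.test/authorize"


def pkce_challenge(verifier: str) -> str:
    # S256 code challenge: base64url(sha256(verifier)) without padding
    return base64.urlsafe_b64encode(hashlib.sha256(verifier.encode()).digest()).rstrip(b"=").decode()


class Website:
    """The relying website: step 4 (redirect to the provider) and step 7 (callback handling)."""
    def __init__(self):
        self.pending = {}  # state -> code_verifier, one entry per in-flight login

    def start_login(self) -> str:
        state, verifier = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
        self.pending[state] = verifier
        return AUTHORIZE_URL + "?" + urlencode({
            "response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
            "scope": "openid profile email", "state": state,
            "code_challenge": pkce_challenge(verifier), "code_challenge_method": "S256"})

    def handle_callback(self, callback_url: str, provider: "Provider") -> dict:
        q = parse_qs(urlparse(callback_url).query)
        verifier = self.pending.pop(q.get("state", [""])[0], None)
        if verifier is None:  # unknown or already-used state: not a login this site started
            raise ValueError("state mismatch")
        return provider.token(q["code"][0], verifier, REDIRECT_URI)


class Provider:
    """Simulated OAuth provider: steps 5 and 6 (consent, one-time code) and the token exchange."""
    def __init__(self):
        self.codes = {}  # code -> (code_challenge, redirect_uri)

    def consent(self, authorize_url: str) -> str:
        # The user approves the consent screen; the provider redirects back with a single-use code.
        q = parse_qs(urlparse(authorize_url).query)
        code = secrets.token_urlsafe(16)
        self.codes[code] = (q["code_challenge"][0], q["redirect_uri"][0])
        return q["redirect_uri"][0] + "?" + urlencode({"code": code, "state": q["state"][0]})

    def token(self, code: str, verifier: str, redirect_uri: str) -> dict:
        challenge, uri = self.codes.pop(code, (None, None))  # pop: a code can be redeemed once
        if challenge != pkce_challenge(verifier) or uri != redirect_uri:
            raise ValueError("code exchange rejected")
        return {"id_token": "constructed.id.token", "access_token": secrets.token_urlsafe(8),
                "refresh_token": secrets.token_urlsafe(8)}
```

Calling `Website().start_login()`, passing the URL to `Provider().consent()`, and handing the resulting callback URL to `handle_callback()` walks the whole sequence; replaying the same callback, or presenting a `state` the website never issued, is rejected.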





©2022 by pegablogs. Proudly created with Wix.com
