The Basics of OAuth 2.0

Learn more about OAuth 2.0 and its components.

OAuth 2.0 is an authorization protocol, not an authentication protocol. Its purpose is delegated access: it lets an application use resources such as user data or a remote API on a user's behalf, without the user handing that application their password. The two ideas are easy to confuse. Authentication establishes who the user is. Authorization comes after that: once the user has been authenticated, it decides which resources the user, or an application acting for the user, is allowed to access and modify.

OAuth 2.0 does its main job with access tokens. An access token is the credential a client presents to use resources in place of the user. The specification does not fix the token's format, and to the client it is an opaque string that should never be parsed or relied upon; in practice it is often a JSON Web Token (JWT), and the issuer decides which claims go into it. Access tokens should also carry an expiry, so that a token which leaks is only useful to an attacker for a limited window.

The components of OAuth 2.0

Let’s look at some of the most important components of the OAuth 2.0 specification.

Roles

Roles are the parties that take part in an OAuth 2.0 exchange. The following four roles are at the core of OAuth 2.0's authorization system:

  • Resource owner
  • Client
  • Authorization server
  • Resource server

The resource owner is the entity, typically the end user, that owns the protected resources and is able to grant access to them.

The client is the application that wants to access the protected resources on the resource owner's behalf. It never receives the resource owner's credentials; instead it must obtain an access token, with the resource owner's authorization, and present that token with every request for those resources.

The authorization server is where the client sends its requests for access tokens. It authenticates the resource owner, obtains their consent, and only then issues an access token to the client. The specification defines two endpoints on the authorization server:

  • Authorization endpoint: reached through the resource owner's browser (the front channel). This is where the user is authenticated and asked to consent to what the client is requesting.
  • Token endpoint: called directly by the client (the back channel), with no user involved. Here the client authenticates itself and exchanges the grant it obtained, such as an authorization code, for an access token.

The resource server hosts the protected resources the client wants to use. Each request from the client carries an access token; the resource server validates that token (that it is genuine, has not expired, was issued for this server, and covers the requested operation) and only then returns the requested resource.
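The four roles in one exchange, as an added example that is not part of the original page: a client, an authorization server with its two endpoints, and a resource owner ("alice") who consents, run together in a single process. The client id, secret, redirect URI, endpoint URLs, user name and scope value are made-up values for illustration, and the resource server appears only as the access token it would later receive.

```python
"""Authorization code flow between the OAuth 2.0 roles, simulated in one
process. Added example, not code from the original page: the client id,
secret, redirect URI, endpoint URLs and user name are made-up values."""
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse


def _flatten(query):
    """parse_qs() gives lists; one value per parameter is all we expect."""
    return {k: v[0] for k, v in parse_qs(query).items()}


class AuthorizationServer:
    """Issues codes at the authorization endpoint and access tokens at the
    token endpoint, for the clients registered with it."""

    def __init__(self):
        # Hypothetical client registration: id, secret, allowed redirect URI.
        self.clients = {"demo-client": {"secret": "s3cr3t",
                                        "redirect_uri": "https://app.example/cb"}}
        self.codes = {}   # code -> what it authorises
        self.tokens = {}  # access token -> what it authorises

    def authorization_endpoint(self, query, user, consent_granted):
        """Front channel: the resource owner's browser arrives with the client's
        request. Authentication of `user` is assumed to have happened already;
        this records the consent decision and redirects back to the client."""
        q = _flatten(query)
        client = self.clients.get(q.get("client_id"))
        if client is None or q.get("response_type") != "code":
            raise ValueError("unknown client or unsupported response_type")
        if q.get("redirect_uri") != client["redirect_uri"]:
            # Never redirect to an unregistered URI: the code would go to whoever chose it.
            raise ValueError("redirect_uri does not match registration")
        state = q.get("state", "")
        if not consent_granted:
            return q["redirect_uri"] + "?" + urlencode({"error": "access_denied", "state": state})
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": q["client_id"], "redirect_uri": q["redirect_uri"],
                            "scope": q.get("scope", ""), "user": user, "exp": time.time() + 60}
        return q["redirect_uri"] + "?" + urlencode({"code": code, "state": state})

    def token_endpoint(self, form, client_id, client_secret):
        """Back channel: the client itself calls this, proves its identity with
        its secret, and trades the single-use code for an access token."""
        client = self.clients.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            return {"error": "invalid_client"}
        grant = self.codes.pop(form.get("code"), None)  # pop: a code can be used once
        if (grant is None or form.get("grant_type") != "authorization_code"
                or grant["client_id"] != client_id
                or grant["redirect_uri"] != form.get("redirect_uri")
                or grant["exp"] < time.time()):
            return {"error": "invalid_grant"}
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"user": grant["user"], "scope": grant["scope"],
                              "exp": time.time() + 3600}
        return {"access_token": token, "token_type": "Bearer",
                "expires_in": 3600, "scope": grant["scope"]}


class Client:
    """The application that wants the resource owner's data."""

    def __init__(self, auth_server):
        self.auth = auth_server
        self.client_id, self.client_secret = "demo-client", "s3cr3t"
        self.redirect_uri = "https://app.example/cb"
        self.pending_state = None

    def authorization_request(self, scope):
        """Build the URL the user's browser is sent to."""
        self.pending_state = secrets.token_urlsafe(16)  # ties the redirect to this session
        return "https://as.example/authorize?" + urlencode({
            "response_type": "code", "client_id": self.client_id,
            "redirect_uri": self.redirect_uri, "scope": scope, "state": self.pending_state})

    def handle_redirect(self, url):
        """The browser comes back: check state, then call the token endpoint."""
        q = _flatten(urlparse(url).query)
        if q.get("state") != self.pending_state:
            raise ValueError("state mismatch: redirect was not started by this session")
        if "error" in q:
            return {"error": q["error"]}
        form = {"grant_type": "authorization_code", "code": q["code"],
                "redirect_uri": self.redirect_uri}
        return self.auth.token_endpoint(form, self.client_id, self.client_secret)


def run_flow(consent_granted=True, replay=False):
    """One full round trip; returns the token response the client ends up with.
    With replay=True the client presents the same redirect twice; the second
    attempt must fail because the code was consumed the first time."""
    auth = AuthorizationServer()
    client = Client(auth)
    auth_url = client.authorization_request("profile:read")
    redirect = auth.authorization_endpoint(urlparse(auth_url).query, user="alice",
                                           consent_granted=consent_granted)
    response = client.handle_redirect(redirect)
    return client.handle_redirect(redirect) if replay else response


if __name__ == "__main__":
    print(run_flow())                       # access_token, token_type, expires_in, scope
    print(run_flow(consent_granted=False))  # {'error': 'access_denied'}
```

The two endpoints are deliberately shaped differently: the authorization endpoint only ever talks to a browser and answers with a redirect, while the token endpoint is a direct client-to-server call that requires client authentication. The state check on the client and the single-use, redirect-bound code on the server are what stop a code captured from one session from being cashed in by another.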

Scopes

OAuth 2.0 scopes limit what an application can do with a user's account. Each scope names a particular kind of access the application is asking for. When an application requests one or more scopes, the requested scopes are shown to the user on the consent screen, and the user may grant all, some, or none of them. The access token issued to the application is limited to the scopes actually granted, which can be fewer than those requested; a client should therefore check the scope returned alongside the token rather than assume it got everything it asked for.

Note: OAuth 2.0 doesn't define any particular scope values; it only fixes the format, a space-delimited list of case-sensitive strings (for example "profile:read profile:write"). Which values are accepted, and which resources each one unlocks, is defined by the authorization server and enforced by the resource server.
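An added example (not the page's own code) of the resource server side: it validates a JWT-formatted, expiring access token of the kind described at the start of the page and then enforces the scopes described above, answering 401 for a token it cannot trust and 403 for a valid token whose granted scopes do not cover the operation. The signing key, issuer, audience and the mapping from operations to required scopes are hypothetical values; a symmetric HS256 key is used only so the example runs with the standard library alone, and the checks are the same with the authorization server's public key.

```python
"""Resource server: validate a JWT access token, then enforce scope.
Added example, not code from the original page. SIGNING_KEY, ISSUER, AUDIENCE
and REQUIRED_SCOPE are hypothetical values; HS256 (a shared secret) is used so
the example runs with the standard library alone."""
import base64
import hashlib
import hmac
import json
import time

SIGNING_KEY = b"hypothetical-shared-secret-for-the-example"
ISSUER = "https://as.example"
AUDIENCE = "https://api.example"
# Scope each protected operation requires (hypothetical mapping).
REQUIRED_SCOPE = {"GET /me": "profile:read", "PUT /me": "profile:write"}


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject, scope, lifetime=3600, now=None):
    """What the authorization server mints: header.payload.signature, carrying
    the claims a resource server will later check."""
    now = int(time.time() if now is None else now)
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iss": ISSUER, "aud": AUDIENCE, "sub": subject, "scope": scope,
               "iat": now, "exp": now + lifetime}
    signing_input = ".".join(b64url_encode(json.dumps(part, separators=(",", ":")).encode())
                             for part in (header, payload))
    sig = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def validate_token(token, now=None):
    """Return the verified claims or raise ValueError. Nothing inside the token
    is trusted until the signature has been checked with a key we chose."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:  # wrong number of parts, bad base64, bad JSON
        raise ValueError("malformed token")
    # Pin the algorithm. Honouring the token's own "alg" (e.g. "none") lets
    # the presenter choose how it is verified.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SIGNING_KEY, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != AUDIENCE:
        raise ValueError("token was issued for a different resource server")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims


def authorize_request(method_path, token, now=None):
    """Token validation plus the scope check for one operation. Returns an
    HTTP-style (status, body) pair."""
    try:
        claims = validate_token(token, now)
    except ValueError as err:
        return 401, {"error": "invalid_token", "error_description": str(err)}
    needed = REQUIRED_SCOPE.get(method_path)
    if needed is None:
        return 404, {"error": "unknown resource"}
    granted = set(claims.get("scope", "").split())  # space-delimited, per the spec
    if needed not in granted:
        return 403, {"error": "insufficient_scope", "scope": needed}
    return 200, {"sub": claims["sub"], "scope": sorted(granted)}


if __name__ == "__main__":
    tok = issue_token("alice", "profile:read")
    print(authorize_request("GET /me", tok))  # 200: the granted scope covers the read
    print(authorize_request("PUT /me", tok))  # 403: write was never granted
```

The order of checks matters: signature first, with an algorithm the server pinned rather than one read from the token, then issuer, audience and expiry, and only then the scope comparison. A token that fails any of the first four is rejected outright; one that passes them but lacks the required scope is a legitimate token being used beyond what the user consented to, which is why it gets a distinct 403.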