Using OAuth for Authorization
Learn about generating tokens and changing their permissions with the OAuth protocol.
OAuth (Open Authorization) is an open standard protocol that allows third-party applications to access resources on behalf of a user without exposing the user's credentials. It's commonly used to enable secure authorization and access control for APIs, web services, and other protected resources. OAuth provides a way for users to grant permissions to applications to access specific resources while keeping their credentials safe.
The main goal of OAuth is to enable delegated access to resources, where a user can grant permission to an application to access certain resources on their behalf without sharing their username and password with the application.
While OIDC is responsible for the authentication flow, OAuth is the protocol responsible for authorization. Both protocols go hand-in-hand and are typically used together. In this lesson, we will go through the basics of OAuth with the help of a custom IdP application, which is presented in the following playground:
Get hands-on with 1200+ tech skills courses.