In today’s dynamic technology landscape, OAuth has become important for any modern cloud deployment. If you have ever accessed a 3rd-party website using your Facebook or Google social profile, chances are you have already encountered OAuth in action.
Let’s consider an example to understand this protocol better. When you visit a restaurant, you might want to enjoy a hassle-free car parking experience with the valet parking service. Your car may have two types of keys: a regular car key and a valet key. If you hand over your regular car key to the valet parking attendant, you enjoy the convenience of getting your car parked, but you might lose your peace of mind regarding the security of your car and the valuables inside it. The valet key comes in handy here since it doesn’t allow access to the glove box and trunk.
Similarly, while transacting on the Internet, you might come across websites that need some basic personal details, such as your name, email and a few other contact details, to proceed with the transaction. However, instead of spending time creating a new account and filling in a lot of your personal details, you might opt to simply log in and authenticate with your existing social profile, such as Google or Facebook. This way, you allow secure delegated access to certain specific personal details through your social network provider on your behalf. This provides the convenience of a smooth web experience while ensuring your social identity stays secure.
OAuth is an open standard framework that can securely issue and validate tokens for services on the Internet, so that individuals can grant websites as well as 3rd-party applications access to their information on other websites without providing them the password. For a developer, OAuth essentially allows you (the resource owner) to issue tokens to 3rd-party clients through an authorization server (such as Facebook or Google) with your approval. The 3rd party can use these access tokens to gain access to protected resources provided by the resource server (such as Facebook or Google). Similar to the valet key in the example, the access tokens have limitations on resource access to enforce security.
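The following is an added example, not code from the original page or from Oracle: a simplified model of the scope-limited token described above (the valet key), with an authorization server that grants only what the resource owner approved and a resource server that checks each request. It is not the OAuth 2.0 wire protocol; the HMAC-signed token format, the shared demo key, and the names `issue_token`, `authorize` and `is_allowed` are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key shared by both servers (assumption, not a real secret).
SIGNING_KEY = b"demo-signing-key-not-for-production"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _sign(payload: str) -> str:
    return _b64(hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).digest())

def issue_token(owner, client_id, requested, approved, ttl=300, now=None):
    """Authorization server: grant only the scopes the resource owner approved."""
    granted = sorted(set(requested) & set(approved))
    if not granted:
        raise PermissionError("resource owner approved none of the requested scopes")
    now = time.time() if now is None else now
    claims = {"sub": owner, "client": client_id, "scope": granted, "exp": now + ttl}
    payload = _b64(json.dumps(claims, sort_keys=True).encode())
    return payload + "." + _sign(payload)

def authorize(token, required_scope, now=None):
    """Resource server: verify signature first, then expiry, then scope."""
    payload, _, signature = token.partition(".")
    if not hmac.compare_digest(signature.encode(), _sign(payload).encode()):
        raise PermissionError("invalid signature")
    padded = payload + "=" * (-len(payload) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    now = time.time() if now is None else now
    if now >= claims["exp"]:
        raise PermissionError("token expired")
    if required_scope not in claims["scope"]:
        raise PermissionError("scope not granted: " + required_scope)
    return claims

def is_allowed(token, scope, now=None):
    """Convenience wrapper returning True/False instead of raising."""
    try:
        authorize(token, scope, now)
        return True
    except PermissionError:
        return False

if __name__ == "__main__":
    # The client asks for three scopes; the owner approves only two of them.
    token = issue_token("alice", "photo-printer", ["profile", "email", "contacts"],
                        approved=["profile", "email"])
    for scope in ("profile", "email", "contacts"):
        print(scope, is_allowed(token, scope))
```

The client never sees the owner's password, and a request for `contacts` is refused even though the token itself is valid.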
To learn more about OAuth, watch this 5-minute video created by the Oracle Learning Library Team (YouTube channel).
Modern cloud applications require modern identity and access management (IAM) architectures. Oracle Identity Cloud Service (IDCS) is built on an API-first architecture and leverages open standards such as OAuth 2.0, SAML 2.0, OpenID Connect and SCIM to enable comprehensive identity management across both cloud and on-premises applications. To learn more about this comprehensive security and identity platform, visit cloud.oracle.com/identity.