Basic authorization mechanism using OAuth.

The current third-party app ecosystem has led to a scenario where apps need to access users' private data held by other websites. To get at that data (especially personal data) the app has to go through an authorization mechanism, and many sites use OAuth for this. Strictly speaking, OAuth is an authorization protocol rather than an authentication one: it lets a user grant an app limited access to their data on another site without handing that app their password. You can read more about OAuth here.

Below is a diagrammatic representation of how an app obtains access to a user's data on a remote website using OAuth (the authorization code flow). The intention is to give a high-level overview of the mechanism.

[Diagram: OAuth authorization code flow between the app, the user's browser and the remote website]

1) Initially the app sends the user's browser (with a GET request) to the authorization URL of the site it wants data from. The request carries the app's application id (client_id), the scope of data access being requested (read/write permissions for different data sets, e.g. read_products, write_tweet), a redirect_uri (the URL the site sends the user back to after they decide) and response_type=code. It should also carry a random state value that the app checks again in step 2, so that a forged or replayed callback cannot be tied to another user's session.

2) If the user grants access to the requested scope, the site redirects the browser to the redirect_uri with a short-lived authorization code (a long random string) and some other details, including the state, in the query string. If the user declines, an error parameter comes back instead of a code.

3) Only the code matters here. The app sends it, together with its client secret and the same redirect_uri, to the site's token endpoint (normally given in the developer API documentation) and receives an access_token in return. The code is single-use and expires within minutes; the access token is the real credential, and it is sent as a bearer token in the Authorization header of every subsequent API call. The app can store the access_token for future use: once it holds the token it can fetch the user's data at any time until the token expires (some providers also issue a refresh_token for that case) or the user revokes the permission. Because possession of the token is all an attacker needs, store it as carefully as a password and only ever send it over TLS.
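The three steps above, written out as a minimal client in Python. This is an added example and not code from the original post: the endpoint URLs, client_id, client_secret and redirect_uri are assumed placeholder values, and the token endpoint is a constructed stand-in (`fake_token_server`) so that the flow runs offline; a real provider's developer docs supply the real URLs. The example goes slightly beyond the text by checking the `state` parameter on the callback and by recording an absolute expiry time for the token.

```python
"""Minimal OAuth 2.0 authorization-code client (added example, not from the original post).

Endpoint URLs, client credentials and the fake token server are assumptions
so the example runs offline; replace them with values from the provider's API docs.
"""
import json
import secrets
import time
import urllib.parse
import urllib.request

# Hypothetical provider settings (assumed; not a real provider).
AUTHORIZE_ENDPOINT = "https://provider.example/oauth/authorize"
TOKEN_ENDPOINT = "https://provider.example/oauth/token"
CLIENT_ID = "my-app-id"
CLIENT_SECRET = "my-app-secret"      # keep server-side; never ship it in a browser or mobile build
REDIRECT_URI = "https://myapp.example/oauth/callback"


def generate_state():
    """Unguessable per-request value; ties the callback to the session that started the flow (CSRF defence)."""
    return secrets.token_urlsafe(32)


def build_authorization_url(scopes, state):
    """Step 1: the URL the user's browser is sent to (a GET) to grant the requested scopes."""
    params = {
        "response_type": "code",        # ask for an authorization code, not a token directly
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scopes),      # e.g. "read_products write_tweet"
        "state": state,
    }
    return AUTHORIZE_ENDPOINT + "?" + urllib.parse.urlencode(params)


def parse_callback(callback_url, expected_state):
    """Step 2: pull the code out of the redirect; refuse it if state does not match or the user declined."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback is not tied to this session")
    if "error" in query:
        raise PermissionError("authorization denied: %s" % query["error"][0])
    return query["code"][0]


def _http_post_form(url, fields):
    """Default transport: POST a form-encoded body over HTTPS and return the parsed JSON reply."""
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers={"Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode())


def exchange_code(code, http_post=_http_post_form, now=time.time):
    """Step 3: server-to-server exchange of the one-time code for an access token."""
    token = http_post(TOKEN_ENDPOINT, {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,   # must equal the one used in step 1
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
    })
    # Store an absolute expiry so later calls can tell a stale token from a live one.
    token["expires_at"] = now() + int(token.get("expires_in", 3600))
    return token


def token_is_usable(token, now=time.time):
    """True while the stored access token has not expired (revocation is only visible on the API side)."""
    return now() < token["expires_at"]


def bearer_headers(token):
    """What every subsequent API call carries: the token itself is the credential."""
    return {"Authorization": "Bearer " + token["access_token"]}


# Constructed stand-in for the provider's token endpoint so the example runs offline.
_ISSUED_CODES = {"c0de-issued-by-provider"}


def fake_token_server(url, fields):
    """Behaves like a real token endpoint: checks the secret and accepts each code only once."""
    assert url == TOKEN_ENDPOINT
    if fields["client_secret"] != CLIENT_SECRET or fields["code"] not in _ISSUED_CODES:
        raise PermissionError("invalid_grant")
    _ISSUED_CODES.discard(fields["code"])   # a code is single-use
    return {"access_token": "tok-" + secrets.token_hex(8), "token_type": "bearer", "expires_in": 3600}


def demo():
    """Runs steps 1 to 3 end to end against the constructed token server."""
    state = generate_state()
    url = build_authorization_url(["read_products", "write_tweet"], state)
    # The provider would redirect the browser back with code and state; constructed here.
    callback = REDIRECT_URI + "?" + urllib.parse.urlencode(
        {"code": "c0de-issued-by-provider", "state": state})
    code = parse_callback(callback, state)
    token = exchange_code(code, http_post=fake_token_server)
    return url, token


if __name__ == "__main__":
    auth_url, tok = demo()
    print(auth_url)
    print(bearer_headers(tok), token_is_usable(tok))
```

The `state` check and the single-use code are the two places where a sloppy client gets burned: without the former an attacker can log a victim into the attacker's account, and without the latter a leaked code could be replayed. In production, swap `fake_token_server` for the default `_http_post_form` and keep the client secret out of any code that reaches the user's device.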