Open Authentication (OAuth)

OAuth is defined in RFC 6749. It was designed with HTTP in mind and permits a user to log in to multiple websites using a single set of account credentials. A classic example is logging in to a corporate website using the user's Facebook credentials.

NOTE: There are two versions of OAuth (1.0 and 2.0), and these versions are not compatible. OAuth 2.0 is the currently adopted standard.

OAuth defines four roles:

  • Resource owner – this is typically the end user, but it can be any system or computer
  • Resource server – the host of the secured accounts; the server responds to the client
  • Client – the application making a resource request
  • Authorization server – the server that issues access tokens to the client once identity is verified

There are two flow types with OAuth. The two-legged authentication style does not feature a resource owner; this is the type of flow you will often find when APIs are in use. This post focuses on the DevNet Pro exam objective: the three-legged authentication style, which does feature the resource owner.

Here are the steps we must know in this OAuth three-legged authentication process:

Step 1 – the resource owner sends a request to the OAuth client application

Step 2 – the client application sends the resource owner a “redirect” to the authorization server 

Step 3 – the resource owner connects directly with the authorization server and authenticates

Step 4 – the authorization server presents a form to the resource owner to grant access

Step 5 – the resource owner submits the form to allow access

Step 6 – the authorization server sends the client a redirection with the authorization grant code or an access token

Step 7 – the client application sends the authorization grant code, client ID, and the certificate to the authorization server 

Step 8 – the authorization server sends the client an access token and optionally a refresh token

Step 9 – the client sends the access token to the resource server to request protected resources

Step 10 – the client can now access the protected resources on the resource server 
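The ten steps above can be traced in a small in-memory simulation. This is an added example, not code from the original post: the class names, `demo-client`, and the URLs are constructed, and the client credential is modelled as a shared string standing in for what Step 7 calls the certificate. The redirect URI check and the single-use code are standard OAuth 2.0 safeguards from RFC 6749.

```python
import secrets

class AuthorizationServer:
    """Toy in-memory authorization server covering steps 3-8 (hypothetical names)."""
    def __init__(self, clients):
        self.clients = clients   # client_id -> (credential, registered redirect URI)
        self.codes = {}          # authorization code -> (client_id, owner, scope)
        self.tokens = {}         # access token -> (owner, scope)

    def authorize(self, client_id, redirect_uri, scope, owner, approved):
        # Steps 3-6: the owner has authenticated and submitted the consent form.
        registered = self.clients.get(client_id)
        if registered is None or registered[1] != redirect_uri:
            raise PermissionError("unknown client or unregistered redirect URI")
        if not approved:
            raise PermissionError("resource owner denied access")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, owner, scope)
        return code

    def token(self, code, client_id, credential):
        # Steps 7-8: the client authenticates, then redeems the code exactly once.
        registered = self.clients.get(client_id)
        if registered is None or not secrets.compare_digest(registered[0], credential):
            raise PermissionError("client authentication failed")
        grant = self.codes.pop(code, None)  # pop() makes the code single-use
        if grant is None or grant[0] != client_id:
            raise PermissionError("invalid, reused, or foreign code")
        access = secrets.token_urlsafe(24)
        self.tokens[access] = grant[1:]
        return {"access_token": access, "refresh_token": secrets.token_urlsafe(24)}

class ResourceServer:
    """Steps 9-10: serves data only for a live token carrying the right scope."""
    def __init__(self, auth_server, data):
        self.auth_server, self.data = auth_server, data

    def get(self, access_token, scope):
        owner, granted = self.auth_server.tokens.get(access_token, (None, None))
        if owner is None or granted != scope:
            raise PermissionError("invalid token or insufficient scope")
        return self.data[owner]

def run_flow():
    # Constructed sample values; none of them come from the original post.
    auth = AuthorizationServer({"demo-client": ("demo-credential", "https://client.example/cb")})
    api = ResourceServer(auth, {"alice": "alice's profile"})
    code = auth.authorize("demo-client", "https://client.example/cb", "profile", "alice", True)
    tokens = auth.token(code, "demo-client", "demo-credential")
    return auth, api, code, tokens
```

Calling `run_flow()` returns the servers, the spent authorization code, and the issued tokens, so each rejection path (replayed code, wrong credential, unregistered redirect URI, scope mismatch) can be exercised directly.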

Battle of the AI Chat Bots!


What is the BEST AI chat tool? Is it Bing, or ChatGPT, or Bard? While everyone will have their favorite, and will probably shout about it with great loyalty from the rooftops, I was intrigued to read a recent PC World article about this.

Even with just some casual use of the three tools, I could see that some of these new AI tools were better than others at certain tasks.

Here is my summary of the PC World results for my readers. Enjoy, and I hope this helps you find the right AI fit.

Test 1 – Up-To-Date Information: WINNER: Bing

Test 2 – Current Events: WINNER: Tie

Test 3 – Uncertain Information: WINNER: Bing

Test 4 – Complex Searches: WINNER: Bard

Test 5 – Informed Opinion: WINNER: ChatGPT

Test 6 – Problem Solving: WINNER: ChatGPT

Test 7 – Logic: WINNER: Bing/Bard

Test 8 – Coding From Scratch: WINNER: ChatGPT

Test 9 – Deductive Reasoning: WINNER: ChatGPT

Test 10 – Creativity: WINNER: Bing/ChatGPT