Tag Archives: certification

Open Authentication (OAuth)

OAuth is defined in RFC 6749. It was designed with HTTP in mind and permits a user to log in to multiple web sites using a single set of account credentials. A classic example is logging in to a corporate website using the credentials already held by Facebook.

NOTE: There are two versions of OAuth (1.0 and 2.0), and these versions are not compatible. OAuth 2.0 is the currently adopted standard.

OAuth defines four roles:

  • Resource owner – this is typically the end user, but it can be any system or computer
  • Resource server – the host of the secured accounts; the server responds to the client
  • Client – the application making a resource request
  • Authorization server – the server that issues access tokens to the client once identity is verified

There are two flow types with OAuth. There is a two-legged authentication style that does not feature a resource owner; this is the type of flow you will often find when APIs are in use. This post focuses on the DevNet Pro exam objective of the three-legged authentication style, which does feature the resource owner.

Here are the steps we must know in this OAuth three-legged authentication process:

Step 1 – the resource owner sends a request to the OAuth client application

Step 2 – the client application sends the resource owner a “redirect” to the authorization server 

Step 3 – the resource owner connects directly with the authorization server and authenticates

Step 4 – the authorization server presents a form to the resource owner to grant access

Step 5 – the resource owner submits the form to allow access

Step 6 – the authorization server sends the client a redirection with the authorization grant code or an access token

Step 7 – the client application sends the authorization grant code, client ID, and the certificate to the authorization server 

Step 8 – the authorization server sends the client an access token and optionally a refresh token

Step 9 – the client sends the access token to the resource server to request protected resources

Step 10 – the client can now access the protected resources on the resource server 
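To make the ten steps concrete, here is an added, self-contained simulation of the three-legged flow in Python. It is not code from this post or from any OAuth library: the authorization server, resource server and client are all in-process objects, and every URL, client id, secret and user record is a constructed placeholder. Where step 7 says the client sends "the certificate", the example authenticates the client with a client secret instead (an assumption, chosen because it is the simplest credential to show). The example also carries the three checks a defender wants to see in a real implementation: the redirect URI must match the one registered for the client, the client's `state` value must come back unchanged on the callback, and an authorization code is single-use and short-lived.

```python
# Constructed simulation of the three-legged flow; every URL, id, secret and
# user record below is a made-up placeholder, not a real deployment's value.
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://auth.example.test/authorize"   # assumed endpoint
CODE_TTL, TOKEN_TTL = 60, 3600      # lifetimes in seconds (assumed values)


class AuthorizationServer:          # issues codes (step 6) and tokens (step 8)
    def __init__(self, clients):
        self.clients = clients      # client_id -> (client_secret, redirect_uri)
        self.codes = {}             # code -> (client_id, redirect_uri, owner, expiry)
        self.tokens = {}            # access_token -> (owner, expiry)

    def authorize(self, client_id, redirect_uri, state, owner, approved):
        # Steps 3-6: the owner authenticated here and submitted the consent form.
        if redirect_uri != self.clients[client_id][1]:
            raise ValueError("redirect_uri does not match the registered one")
        if not approved:
            return redirect_uri + "?" + urlencode({"error": "access_denied", "state": state})
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri, owner, time.time() + CODE_TTL)
        return redirect_uri + "?" + urlencode({"code": code, "state": state})

    def token(self, code, client_id, client_secret, redirect_uri):
        # Steps 7-8: back-channel exchange; pop() makes each code single-use.
        entry = self.codes.pop(code, None)
        if entry is None:
            raise PermissionError("unknown or already-redeemed code")
        code_client, code_uri, owner, expiry = entry
        secret = self.clients.get(client_id, ("", ""))[0]
        if (code_client != client_id or code_uri != redirect_uri
                or not hmac.compare_digest(secret, client_secret)):
            raise PermissionError("client authentication failed")
        if time.time() > expiry:
            raise PermissionError("authorization code expired")
        access = secrets.token_urlsafe(24)
        self.tokens[access] = (owner, time.time() + TOKEN_TTL)
        return {"access_token": access, "token_type": "Bearer",
                "expires_in": TOKEN_TTL, "refresh_token": secrets.token_urlsafe(24)}

    def introspect(self, access_token):
        owner, expiry = self.tokens.get(access_token, (None, 0))
        return owner if time.time() <= expiry else None


class ResourceServer:               # serves data (step 10) for a valid token (step 9)
    def __init__(self, auth_server, profiles):
        self.auth_server, self.profiles = auth_server, profiles

    def get_profile(self, authorization_header):
        scheme, _, token = authorization_header.partition(" ")
        owner = self.auth_server.introspect(token) if scheme == "Bearer" else None
        if owner is None:
            raise PermissionError("401 invalid_token")
        return self.profiles[owner]


class Client:                       # the OAuth client application (steps 1, 2, 7, 9)
    def __init__(self, client_id, client_secret, redirect_uri):
        self.client_id, self.client_secret = client_id, client_secret
        self.redirect_uri, self.state = redirect_uri, None

    def login_redirect(self):
        # Step 2: an unguessable state value ties the callback to this session.
        self.state = secrets.token_urlsafe(16)
        return AUTHORIZE_URL + "?" + urlencode({
            "response_type": "code", "client_id": self.client_id,
            "redirect_uri": self.redirect_uri, "state": self.state})

    def handle_callback(self, callback_url, auth_server):
        # Step 7: check state, then redeem the code with client id and secret.
        q = parse_qs(urlparse(callback_url).query)
        if q.get("state", [None])[0] != self.state:
            raise PermissionError("state mismatch: callback not tied to our redirect")
        if "code" not in q:
            raise PermissionError("owner denied access: " + q.get("error", ["?"])[0])
        return auth_server.token(q["code"][0], self.client_id,
                                 self.client_secret, self.redirect_uri)


def run_three_legged_flow(approved=True):
    """Walk steps 1-10 end to end and return the protected profile."""
    auth = AuthorizationServer({"demo-app": ("demo-secret", "https://app.example.test/cb")})
    resource = ResourceServer(auth, {"alice": {"name": "Alice", "email": "alice@example.test"}})
    client = Client("demo-app", "demo-secret", "https://app.example.test/cb")
    redirect = client.login_redirect()                                  # steps 1-2
    params = {k: v[0] for k, v in parse_qs(urlparse(redirect).query).items()}
    callback = auth.authorize(params["client_id"], params["redirect_uri"],
                              params["state"], owner="alice", approved=approved)  # steps 3-6
    tokens = client.handle_callback(callback, auth)                     # steps 7-8
    return resource.get_profile("Bearer " + tokens["access_token"])    # steps 9-10


if __name__ == "__main__":
    print(run_three_legged_flow())
```

Running the module prints Alice's profile, which is the resource the client could not have read without steps 3 through 8. Two design points worth noticing: the grant code crosses the resource owner's browser (front channel) while the code-for-token exchange and the client secret never do (back channel), and because the code is popped on redemption, a second attempt to exchange the same code fails even when the client id and secret are correct.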

Free AWS Cloud Practitioner Practice Exams for My Blog Faithful!

Enjoy these kick ass practice exams (with explanations) for the AWS Certified Cloud Practitioner exam. I just refreshed my cert recently and refreshed this product!

As a faithful blog follower – enjoy them free. Also – please consider leaving a 5-star review. Thanks.

https://www.udemy.com/course/aws-cloud-practitioner-practice/?couponCode=AWSCLF-FREEAPRIL2023