realDev Profile picture
Aug 3, 2022 12 tweets 4 min read Read on X
Many of us have certainly come across the OAuth2 framework or using it without knowing it.

For example, when we visit Canva, we can sign in with our google account, in this case, google acts as an OAuth provider.

👇 Thread
OAuth2 provides a way to access web apps with limited access to the user's account. it grants this access without sharing the password.

it functions with 3 entities that commonly use HTTP requests to communicate.
Client App - Canva
Resource owner - User
OAuth Provider - Google
As a first step, we access the Canva website, and it provides us with these two methods of logging in. at this point we are still in Canva's website, it will redirect to the google OAuth server once we click the sign in and it will be our next step. Image
Once we click the google sign-in, the Client Id will be sent to the google OAuth server, and the following page will be provided asking for the user's consent. Image
Here, google ask for consent to use the provided accounts. Image
Once we select an account, it will be redirected to the Canva's website, along with the authorization code. Image
The HTTP interaction will be between Canva's Server and Google Oauth server. We won't be able to see(in Browser) HTTP requests from the OAuth server. Canva's server will request an access token from the OAuth Server along with the authorization code and other parameters. Image
An access token will be provided to Canva's server and now it can be used to communicate with the google OAuth server and Canva's website. Image
In this phase we are almost done with authorization, a HTTP request with a bearer token is made by Canva's server to get the google user's full name and email. Image
Canva's server receives, the HTTP response by google OAuth2 with user information and it will be used in Canva. Image
I hope this is helpful, please follow, comment, and like.
Thank you

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with realDev

realDev Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @realDevHiz

Aug 6, 2022
OAuth2 - Implicit Flow

Implicit flow is used in old web applications and SPA but due to the expose of access token in URL, it has been deprecated, but let's try to understand it in this thread.

#dotnet #webdeveloper #authentication
Thread 👇
As a first step, the user visits the client app and chooses an OAuth provider(Google) to login. Image
An authorization request is made by the client app with the client id and token as the response type. Image
Read 8 tweets
Aug 5, 2022
OAuth2 - Authorization code + PKCE flow

The PKCE flow is developed with additional three parameters with the Authorization Code flow.

We are going to look at the process of Canva's login with google as an OAuth provider.

#dotnet #webdevelopment #100daysofcode
👇 Thread
As a first step, the user visits Canva and select Google to sign in. Image
In the Client App(Canva), it creates code verifier and code challenge.

The code verifier is generated as a random string and the code challenge is the encrypted of code verifier.

sha256 is used for encryption and it will be sent as code challange method to OAuth api. Image
Read 10 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(