realDev Profile picture
Aug 6, 2022 8 tweets 3 min read Read on X
OAuth2 - Implicit Flow

Implicit flow is used in old web applications and SPA but due to the expose of access token in URL, it has been deprecated, but let's try to understand it in this thread.

#dotnet #webdeveloper #authentication
Thread 👇
As a first step, the user visits the client app and chooses an OAuth provider(Google) to login. Image
An authorization request is made by the client app with the client id and token as the response type. Image
OAuth server asks for the user's consent Image
The OAUTH server respond with token in the URL Image
The client app makes request with access token to OAuth server to access the resource Image
OAuth server responds with requested details. Image
I hope this is helpful, please follow, comment, and like.
Thank you #dotnet

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with realDev

realDev Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @realDevHiz

Aug 5, 2022
OAuth2 - Authorization code + PKCE flow

The PKCE flow is developed with additional three parameters with the Authorization Code flow.

We are going to look at the process of Canva's login with google as an OAuth provider.

#dotnet #webdevelopment #100daysofcode
👇 Thread
As a first step, the user visits Canva and select Google to sign in. Image
In the Client App(Canva), it creates code verifier and code challenge.

The code verifier is generated as a random string and the code challenge is the encrypted of code verifier.

sha256 is used for encryption and it will be sent as code challange method to OAuth api. Image
Read 10 tweets
Aug 3, 2022
Many of us have certainly come across the OAuth2 framework or using it without knowing it.

For example, when we visit Canva, we can sign in with our google account, in this case, google acts as an OAuth provider.

👇 Thread
OAuth2 provides a way to access web apps with limited access to the user's account. it grants this access without sharing the password.

it functions with 3 entities that commonly use HTTP requests to communicate.
Client App - Canva
Resource owner - User
OAuth Provider - Google
As a first step, we access the Canva website, and it provides us with these two methods of logging in. at this point we are still in Canva's website, it will redirect to the google OAuth server once we click the sign in and it will be our next step. Image
Read 12 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(