OAuth

OAuth (Open Authorization) is a standard for token-based authentication and authorization on the Internet. It allows an application (the client) to access resources hosted by another service (the resource server) on behalf of a user. OAuth 2.0 is the most widely used version of OAuth.

How OAuth Works:

  1. Resource Owner: The user who authorizes an application to access their data.
  2. Client: The application requesting access to the user's data.
  3. Authorization Server: The server issuing tokens after authenticating the resource owner and obtaining authorization.
  4. Resource Server: The server hosting the protected resources and accepting access tokens.

OAuth Flow:

  1. Authorization Request: The client directs the resource owner to the authorization server.
  2. Authorization Grant: The resource owner grants the client permission to access the resource (e.g., by logging in and approving).
  3. Token Request: The client requests an access token from the authorization server using the authorization grant.
  4. Access Token: The authorization server issues an access token to the client.
  5. Resource Request: The client uses the access token to request the resource from the resource server.
  6. Resource Access: The resource server validates the access token and serves the resource.
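The six steps above, walked through end to end as an added example (this is illustrative code written for this page, not part of the original text and not any real OAuth library). Everything here runs offline in one process: the `AuthorizationServer`, `ResourceServer` and `Client` classes, the client registration (`CLIENT_ID`, `CLIENT_SECRET`, `REDIRECT_URI`), the `profile:read` scope and the protected profile data are all constructed for the example. Besides the happy path it shows the checks a practitioner expects at each hop: the redirect URI must match the registration, the client proves its identity before the code is redeemed, a code is accepted once and expires quickly, the client ties the redirect back to its own request via `state`, and the resource server checks both token validity and scope before serving anything.

```python
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed registration data for the one hypothetical client in this example.
CLIENT_ID = "photo-app"
CLIENT_SECRET = "constructed-client-secret"
REDIRECT_URI = "https://photo-app.example.test/callback"


class AuthorizationServer:
    def __init__(self, clients):
        self.clients = clients   # client_id -> (client_secret, registered redirect_uri)
        self.codes = {}          # code -> (client_id, redirect_uri, scope, expiry)
        self.tokens = {}         # access_token -> (client_id, scope, expiry)

    def authorize(self, client_id, redirect_uri, scope, state, user_approved):
        """Steps 1-2: the user arrives here; on approval, redirect back with a short-lived code."""
        _, registered_uri = self.clients[client_id]
        if redirect_uri != registered_uri:
            raise ValueError("redirect_uri does not match the registered value")
        if not user_approved:
            return redirect_uri + "?" + urlencode({"error": "access_denied", "state": state})
        code = secrets.token_urlsafe(24)
        self.codes[code] = (client_id, redirect_uri, scope, time.time() + 60)
        return redirect_uri + "?" + urlencode({"code": code, "state": state})

    def token(self, client_id, client_secret, code, redirect_uri):
        """Steps 3-4: authenticate the client and swap its single-use code for an access token."""
        secret, _ = self.clients[client_id]
        if not secrets.compare_digest(secret, client_secret):
            raise ValueError("client authentication failed")
        entry = self.codes.pop(code, None)   # pop(): a code can be redeemed only once
        if entry is None:
            raise ValueError("invalid or already used code")
        code_client, code_uri, scope, expires = entry
        if (code_client, code_uri) != (client_id, redirect_uri) or time.time() > expires:
            raise ValueError("code not issued to this client/redirect_uri, or expired")
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = (client_id, scope, time.time() + 3600)
        return {"access_token": access_token, "token_type": "Bearer", "scope": scope}

    def introspect(self, access_token):
        """Lookup the resource server uses to validate a token (in the spirit of RFC 7662)."""
        entry = self.tokens.get(access_token)
        if entry is None or time.time() > entry[2]:
            return {"active": False}
        return {"active": True, "client_id": entry[0], "scope": entry[1]}


class ResourceServer:
    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.profiles = {"alice": {"name": "Alice"}}   # constructed protected data

    def get_profile(self, authorization_header, user):
        """Steps 5-6: validate the bearer token and its scope, then serve the resource."""
        scheme, _, token = authorization_header.partition(" ")
        if scheme != "Bearer" or not token:
            return 401, {"error": "invalid_request"}
        info = self.auth_server.introspect(token)
        if not info["active"]:
            return 401, {"error": "invalid_token"}
        if "profile:read" not in info["scope"].split():
            return 403, {"error": "insufficient_scope"}
        return 200, self.profiles[user]


class Client:
    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.pending_state = None

    def start(self, scope):
        """Step 1: pick a random state, remember it, and build the authorization request."""
        self.pending_state = secrets.token_urlsafe(16)
        return {"response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
                "scope": scope, "state": self.pending_state}

    def finish(self, redirect_url):
        """Steps 3-4: tie the redirect to our own request via state, then redeem the code."""
        params = {k: v[0] for k, v in parse_qs(urlparse(redirect_url).query).items()}
        if params.get("state") != self.pending_state:
            raise ValueError("state mismatch: redirect does not belong to a request we started")
        self.pending_state = None   # state is single-use too
        if "error" in params:
            raise ValueError("authorization failed: " + params["error"])
        return self.auth_server.token(CLIENT_ID, CLIENT_SECRET, params["code"], REDIRECT_URI)


def run_flow(user_approved=True, scope="profile:read"):
    """Drive the six steps end to end; returns the resource server's (status, body)."""
    auth = AuthorizationServer({CLIENT_ID: (CLIENT_SECRET, REDIRECT_URI)})
    client = Client(auth)
    req = client.start(scope)
    redirect_url = auth.authorize(req["client_id"], req["redirect_uri"], req["scope"],
                                  req["state"], user_approved)
    try:
        token = client.finish(redirect_url)
    except ValueError as exc:
        return 401, {"error": str(exc)}
    return ResourceServer(auth).get_profile("Bearer " + token["access_token"], "alice")
```

`run_flow()` returns `(200, {'name': 'Alice'})`; with `user_approved=False` the client never reaches the token step, and with a scope other than `profile:read` the resource server answers 403 even though the token itself is valid. In a real deployment the three parties are separate services talking over HTTPS, and the introspection call is typically replaced by a signed token the resource server can verify locally.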

JWT (JSON Web Token)

JWT is a compact, URL-safe token format used for securely transmitting information between parties as a JSON object. It is often used in conjunction with OAuth for token exchange.
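To make the paragraph above concrete, here is an added example (written for this page, not code from the original text or from any JWT library) that builds and verifies an HMAC-SHA256 (`HS256`) JWT using only the Python standard library. It shows the three dot-separated base64url segments (header, payload, signature) and the checks a verifier must do: decide the algorithm itself rather than trusting the token's `alg` field, compare the signature in constant time, and reject expired tokens via the `exp` claim. The key, the claims and the `now` parameter are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

ALGORITHM = "HS256"   # the only algorithm this verifier accepts; the token does not get a vote


def b64url_encode(raw: bytes) -> str:
    """Base64url without '=' padding, as JWT requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode; restores the padding urlsafe_b64decode expects."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jwt_encode(claims: dict, key: bytes) -> str:
    """Produce header.payload.signature for the given claims, signed with HS256."""
    header = {"alg": ALGORITHM, "typ": "JWT"}
    segments = [b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
                for part in (header, claims)]
    signing_input = ".".join(segments)
    signature = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def jwt_decode(token: str, key: bytes, now=None) -> dict:
    """Verify structure, algorithm, signature and expiry; return the claims or raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have exactly three dot-separated segments")
    header_b64, payload_b64, signature_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != ALGORITHM:
        raise ValueError("unexpected alg in header")
    expected = hmac.new(key, (header_b64 + "." + payload_b64).encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(signature_b64)):
        raise ValueError("signature mismatch")
    # Only now is the payload trusted enough to parse and act on.
    claims = json.loads(b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed; a real key is random and kept server-side
    token = jwt_encode({"sub": "alice", "scope": "profile:read", "exp": int(time.time()) + 300}, key)
    print(token)
    print(jwt_decode(token, key))
```

The encoded header `{"alg":"HS256","typ":"JWT"}` always becomes the segment `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9`, which is why that prefix is recognisable at the start of so many tokens. Note that the payload is only base64url-encoded, not encrypted: anything placed in the claims is readable by whoever holds the token, and the signature only proves it was not altered.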

Structure of JWT: