OAUTH and tokens
Using APIs for communication between different applications and for sharing resources has become a central aspect of our age, but once it comes to sharing your data you need to treat privacy as a priority.
What is OAUTH?
OAUTH is a standard protocol whose name stands for (open authentication). It focuses on how the client side authenticates in order to reach the server's resources.
-> OAUTH1 was published in 2010
-> OAUTH2 was published in 2012 with a more user-friendly experience
OAUTH STANDARD PROTOCOL
OAUTH focuses on decoupling authentication from authorization. It states that a user should authenticate first; once authenticated, the server grants him an access token.
With every API call, the user sends his token so the server can validate whether he has access to the resource or not, without the need to send his username and password with every request.
OAUTH TOKEN TYPES
1) BEARER TOKEN: A short string of hexadecimal characters, not intended to have any meaning.
2) JWT (JSON Web Token): A string generated by encoding JSON data with a secret key; decoding this string with the secret key again makes the data readable.
Once a token is granted to the user by the server, it is saved in his session.
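The flow described above (authenticate once, then present only the token on each API call) and the two token types, as an added example that is not part of the original post. The server, the `SECRET` key, the `_users` credential table and the helper names are all constructed for this demo; the bearer token is an opaque random hex string looked up server-side, while the JWT carries its claims and is accepted only if its HMAC signature verifies under the secret and it has not expired.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = b"constructed-demo-secret"     # assumption: server-side signing key, constructed here
_users = {"alice": "correct horse"}     # constructed credential table for the demo
_bearer_store = {}                      # issued opaque bearer tokens -> username

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def authenticate(username, password):
    """Step 1: the user authenticates once; the server grants an opaque bearer token."""
    if _users.get(username) != password:
        return None
    token = secrets.token_hex(16)       # random hex with no meaning of its own
    _bearer_store[token] = username
    return token

def api_call_with_bearer(token):
    """Step 2: every API call carries the token, never the password; unknown tokens are rejected."""
    return _bearer_store.get(token)

def issue_jwt(username, secret=SECRET, ttl=3600):
    """Build a compact HS256 JWT: base64url(header).base64url(payload).base64url(signature)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": username, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def verify_jwt(token, secret=SECRET):
    """Return the claims only if the signature matches the secret and the token is unexpired."""
    try:
        header, payload, sig = token.split(".")
        presented = _unb64(sig)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, presented):   # constant-time comparison
        return None
    claims = json.loads(_unb64(payload))
    if claims.get("exp", 0) < time.time():
        return None
    return claims
```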