Hands-On Microservices with C# 8 and .NET Core 3.0, Third Edition by Gaurav Aroraa

Author: Gaurav Aroraa
Language: eng
Format: epub
Tags: COM051310 - COMPUTERS / Programming Languages / C#, COM048000 - COMPUTERS / Systems Architecture / Distributed Systems and Computing, COM060180 - COMPUTERS / Web / Web Services and APIs
Publisher: Packt
Published: 2020-03-27T06:58:47+00:00


Working with OAuth 2.0

Okay, you may not know what OAuth 2.0 is, but you have surely used it on several websites. Nowadays, many websites allow you to log in with the username and password of your Facebook, Twitter, or Google account. Go to your favorite website, for example, the https://stackoverflow.com/ login page. There is a login button that says you can sign in with your Google account. When you click the Google button, it takes you to Google's login page, along with some of the permissions we mentioned previously. Here, you provide your Google username and password, and then you click the Allow button to grant permissions to your favorite site. Then, Google redirects you to Stack Overflow, and you are logged in to Stack Overflow with the appropriate permissions. This is merely the end user experience for OAuth 2.0 and OpenID Connect.

OAuth 2.0 handles authorization on the web, in native mobile applications, and in all headless server applications (these are nothing more than microservice instances in our context). You might be wondering why we are discussing authorization first, instead of authentication. The reason for this is that OAuth 2.0 is a delegated authorization framework. This means that, to complete the authorization flow, it relies on an authentication mechanism.

Now, let's look at some of the terminology associated with this.

OAuth 2.0 roles describe the involved parties in the authorization process, as follows:

Resource: The entity that is being protected from unintended access and usage. This is a microservice, in our case.

Resource owner: As its name suggests, the resource owner can be either a person or an entity who has ownership of the resource. They're also called the end user.

Client: Client is the term that's used to refer to all kinds of client applications. This refers to any application that's trying to access the protected resource. In a microservice context, the applications involved are single-page applications, web user interface clients, and native mobile applications, or even microservices that are trying to access other microservices downstream.

Authorization server: Simply put, this server is called an authorization server because it authenticates the end user by issuing a valid token. We can also describe it as the server that authenticates the resource owner and issues the token to the client. This token is generated by the secure token service, which is hosted on the authorization server.
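
The redirect round trip described above, seen from the client role, as an added example that is not code from the book. The endpoint, client ID, and redirect URI are constructed placeholders, and the state check goes slightly beyond the text: it is how the client confirms that the response belongs to the login it started.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;

// Added illustration of the client role; all endpoint and ID values are constructed placeholders.
static class OAuthClientSketch
{
    const string AuthorizeEndpoint = "https://authz.example/authorize"; // authorization server (assumed)
    const string ClientId = "example-client-id";                        // client registration (assumed)
    const string RedirectUri = "https://client.example/callback";       // client callback (assumed)

    // Client -> authorization server: send the resource owner to log in and grant permissions.
    public static (string Url, string State) BuildAuthorizationRequest(string scope)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        // Unguessable per-login value that the authorization server echoes back unchanged.
        string state = Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        string url = AuthorizeEndpoint
            + "?response_type=code"
            + "&client_id=" + Uri.EscapeDataString(ClientId)
            + "&redirect_uri=" + Uri.EscapeDataString(RedirectUri)
            + "&scope=" + Uri.EscapeDataString(scope)
            + "&state=" + Uri.EscapeDataString(state);
        return (url, state);
    }

    // Authorization server -> client: accept the code only if state matches the value we issued.
    public static string ReadAuthorizationCode(Uri callback, string expectedState)
    {
        var query = HttpUtility.ParseQueryString(callback.Query);
        bool same = CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(query["state"] ?? ""), Encoding.UTF8.GetBytes(expectedState));
        if (!same) throw new InvalidOperationException("state mismatch: response is not for this login");
        if (query["error"] != null) throw new InvalidOperationException("authorization denied: " + query["error"]);
        return query["code"] ?? throw new InvalidOperationException("no authorization code in response");
    }

    static void Main()
    {
        var (url, state) = BuildAuthorizationRequest("openid profile");
        Console.WriteLine(url);
        // Constructed callback, shaped like the redirect sent after the resource owner clicks Allow.
        var callback = new Uri(RedirectUri + "?code=constructed-code&state=" + Uri.EscapeDataString(state));
        Console.WriteLine(ReadAuthorizationCode(callback, state));
    }
}
```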


