OAuth (Open Authorization) is an open standard for token-based authentication and authorization.
OAuth allows an end user's account information to be used by third-party services, such as Facebook, without exposing the user's password.
It acts as an intermediary on behalf of the end user, providing the service with an access token that authorizes specific account information to be shared.
Let us take an example to show you how to implement OAuth as a Consumer:
REGISTER YOUR APP
Create an App in any OAuth Provider like Facebook, Twitter etc. After registering your application, you will receive a Consumer Key which identifies you to OAuth Provider.You will also receive a Consumer Secret that will be required when asking for an Request Token. Save the Consumer Key and Secret so that you can use it into your code as required.
GET A REQUEST TOKEN
The miniOrange Authentication Service requests a Request Token.The Request Token is a temporary token used to initiate User authorization for your application. The Request Token tells OAuth Provider that you've obtained User approval, but must be exchanged, along with the OAuth Verifier, for an Access Token.
GET USER PERMISSION TO ACCESS DATA
After getting the Request Token from OAuth Provider, miniOrange Authentication Service presents to your Users an authorization page asking them to give permission to our application to access their data.The authorization page will only ask for permission to a limited amount of User data, based on the access scopes you specified during the initial registration process.
EXCHANGE THE REQUEST TOKEN AND OAUTH VERIFIER FOR AN ACCESS TOKEN
After the users authorize miniOrange Authentication Service access to their information,our application needs to exchange the approved Request Token for an Access Token, which tells OAuth Provider that miniOrange Authentication Service has been given authorization to access User data.
AUTHENTICATE THE USER
After obtaining user information from the Access Token, it queries miniOrange Authentication Service enduser database. If the user already exists in database, it redirects to user Self Service Console. If the user does not exist in enduser database, it redirects back to Login Page.