Resources >
Tutorials >
Explained: What is OAuth2.0 and Access Tokens

Explained: What is OAuth2.0 and Access Tokens

Say hi to the most commonly used authorization tool- OAuth 2.0 and uncover how it works!

Learn from Experts
Explained: What is OAuth2.0 and Access Tokens
Explained: What is OAuth2.0 and Access Tokens

What is OAuth 2.0

OAuth 2.0 stands for Open Authorization and has been created for the purpose of permitting a website or an application to gain access to resources which are hosted by different web applications. 

This is done on behalf of a user. In other words, OAuth 2.0 gives access with consent and also limits those actions on resources which can be executed by the client application on behalf of the user, without sharing the details of the user.

OAuth 2.0 is a standardised protocol which is used across the industry to get authorization. While the main purpose of this protocol is to maintain flow of authorization for web and desktop applications, it also ensures simplicity of the process for the client developers.

Principles of OAuth 2.0

OAuth 2.0 primarily runs on a few principles which have been listed below-

Authentication or Authorization

  • It is important to not confuse OAuth 2.0 to be an authentication tool. It is only an authorization tool with the focus being on allowing access to certain sets of resources.

Access Tokens

  • OAuth 2.0 requires an Access Token. An access token is in the form of data which shows the authorization for accessing resources and does this on the end-user’s behalf. 
  • There is no fixed format for Access tokens, but the most commonly used format is JSON Web Token. This way, the issuers of the token are able to integrate the data with the token. Access tokens also come with expiration date to keep security intact.
  • It is interesting to know that one access token can give different levels of access to many APIs. Scope is one parameter which manages the resources to which access token gives permission.

How OAuth 2.0 works

The process of working of OAuth 2.0 is fairly simple:

  • The first step is to seek client credentials. Next, a request is raised by the client application to get an access token from the server. At this stage, there are one or more than one values sent to the scope parameter.  
  • This is followed by extraction of a token from the response.
  • The token is sent to the particular API that needs to be accessed. Sometimes, it may be required to refresh the access token as they are applicable for a limited time.

Conclusion

OAuth2.0 supplies the authorization workflow for web, desktop applications, and mobile devices. It is a server side web app that uses authorization code and does not interact with user credentials.

OAuth 2.0 replaced OAuth 1.0 in 2012 and is now the de facto industry standard for online authorization. If your organisation hasn’t moved to using OAuth 2.0 yet, you can opt to upskill your team in API Testing and QA with a personalised training curriculum matching your requirements. 

Now that we have discussed about Access Tokens, it is imperative that we discuss JWT which has become increasingly famous for maintaining security of APIs.

How to install Jenkins on Ubuntu 20.04?
Introduction to DevOps
Introduction to Cypress Test Automation Tool
Beginners Guide to API Testing
5 HTTP Methods and their CRUD Operations
What is REST and REST API
REST API vs. SOAP API: The difference
What is Payload in API Testing: Explained
What are HTTP Headers: Definition & Types
Authentication & Authorisation in API Testing
Explained: What is OAuth2.0 and Access Tokens
What are JWT Tokens: Definition, Benefits 

Most Read Tutorials

What are JWT Tokens: Definition, Benefits 
Authentication & Authorisation in API Testing
What are HTTP Headers: Definition & Types
What is Payload in API Testing: Explained

Saurabh Dhingra

DevOps Trainer & Consultant

Saurabh has conducted enterprise transformation drives and trained 50,000+ trainees in DevOps, QA and Agile. He is on a mission to support professionals with the skills they need to move ahead in their careers.

Improve delivery and production process with
Basics of API Testing
practices
Basics of API Testing

Upskill with more

QA

resources

No items found.
No items found.
No items found.
Invest in the latest workplace trend:
Upskilling
Get hands-on, personalised training for teams in DevOps, QA, Agile, Cloud, Data Science, Office Productivity and more
Get FREE 1:1 Consultation
Keep Learning:
Introduction to DevOps