Attacking OAuth

OAuth Basics
OAuth 2.0 (RFC 6749) is a web standard for delegated authorization between services: it lets a third-party app access a user's data or services at a provider such as Google or Facebook without the user handing that app their password. Instead of credentials, the app receives access tokens issued by the authorization server, limited to the scopes the user consented to, so the user stays in control of what is shared. Keep in mind that OAuth is an authorization protocol, not an authentication one: an access token proves that a client was granted access to some resources, not who the user is. Treating it as a login proof is the root of many of the attacks covered later.
OAuth components
- Resource Owner: The entity that grants access to the protected resource. Typically this is the end user, who owns the data.
- Client: The application requesting access to a protected resource on behalf of the Resource Owner. In OpenID Connect terminology this is the Relying Party. A client is registered with the authorization server under a client_id together with its allowed redirect URI(s); confidential clients also hold a client secret.
- Resource Server: The server hosting the protected resources. These are the APIs we want to access; they accept access tokens and enforce the scopes attached to them.
- Authorization Server: The server that authenticates the resource owner, obtains their consent, and issues access tokens (and optionally refresh tokens) to the client. In OpenID Connect this is the OpenID Provider, commonly called the Identity Provider. It may or may not be the same system as the resource server.
- User Agent: The agent used by the resource owner to interact with the client, such as a browser or a mobile app.
How does it work?
In OAuth, the user (resource owner) grants a third-party application (client) permission to access their protected resources stored on another service (resource server)…
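To make the roles above concrete, here is an added example (not code from the original article) that models the authorization code grant end to end in one process: the client builds the authorization request, the authorization server issues a code after the resource owner consents, the client exchanges the code on the back channel, and the resource server accepts the resulting bearer token. The endpoint URLs, client_id, secret and the single user "alice" are all assumed for illustration. The model also includes the checks an attacker looks for when they are missing: exact redirect_uri matching, state validation, PKCE (S256), single-use codes, and scope enforcement at the resource server.

```python
"""Toy in-process model of the OAuth 2.0 authorization code grant.
Hypothetical simulation for illustration; no real HTTP is performed."""
import base64
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://as.example/authorize"  # assumed endpoint (illustration only)


def s256(verifier: str) -> str:
    """PKCE: code_challenge = BASE64URL(SHA256(code_verifier)) without '=' padding."""
    digest = hashlib.sha256(verifier.encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def _query(url: str) -> dict:
    """Flatten a URL's query string into {name: first_value}."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


class AuthorizationServer:
    """Authenticates the resource owner, records consent, issues codes and tokens."""

    def __init__(self):
        self.clients, self.codes, self.tokens = {}, {}, {}

    def register_client(self, client_id, client_secret, redirect_uris):
        self.clients[client_id] = {"secret": client_secret, "redirect_uris": set(redirect_uris)}

    def authorize(self, url, resource_owner):
        """Front channel: user agent lands on /authorize; after consent we redirect
        back to the registered redirect_uri with a short-lived, single-use code."""
        q = _query(url)
        client = self.clients.get(q.get("client_id"))
        if not client or q.get("response_type") != "code":
            raise ValueError("unknown client or unsupported response_type")
        if q.get("redirect_uri") not in client["redirect_uris"]:  # exact match, never prefix/substring
            raise ValueError("redirect_uri not registered for this client")
        if "state" not in q or q.get("code_challenge_method") != "S256" or "code_challenge" not in q:
            raise ValueError("state and S256 code_challenge are required")
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": q["client_id"], "redirect_uri": q["redirect_uri"],
                            "scope": q.get("scope", ""), "owner": resource_owner,
                            "challenge": q["code_challenge"], "exp": time.time() + 60, "used": False}
        return q["redirect_uri"] + "?" + urlencode({"code": code, "state": q["state"]})

    def token(self, client_id, client_secret, code, redirect_uri, code_verifier):
        """Back channel: the client authenticates and trades the code for an access token."""
        client = self.clients.get(client_id)
        if not client or not secrets.compare_digest(client["secret"], client_secret):
            raise PermissionError("client authentication failed")
        rec = self.codes.get(code)
        if rec is None or rec["used"] or rec["exp"] < time.time():
            raise PermissionError("invalid, expired or replayed code")
        if rec["client_id"] != client_id or rec["redirect_uri"] != redirect_uri:
            raise PermissionError("code was issued to a different client or redirect_uri")
        if s256(code_verifier) != rec["challenge"]:
            raise PermissionError("PKCE verification failed")
        rec["used"] = True  # single use: a replayed code must be rejected
        tok = secrets.token_urlsafe(32)
        self.tokens[tok] = {"owner": rec["owner"], "scope": rec["scope"], "exp": time.time() + 3600}
        return {"access_token": tok, "token_type": "Bearer", "expires_in": 3600}

    def introspect(self, token):
        rec = self.tokens.get(token)
        return rec if rec and rec["exp"] > time.time() else None


class ResourceServer:
    """Hosts the protected API; honours only tokens the authorization server vouches for."""

    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.profiles = {"alice": {"email": "alice@example"}}  # constructed sample data

    def get_profile(self, bearer_token):
        rec = self.auth_server.introspect(bearer_token)
        if rec is None or "profile" not in rec["scope"].split():
            raise PermissionError("token missing, expired, or lacks the 'profile' scope")
        return self.profiles[rec["owner"]]


class Client:
    """The third-party app acting on the resource owner's behalf."""

    def __init__(self, client_id, client_secret, redirect_uri, auth_server):
        self.client_id, self.secret = client_id, client_secret
        self.redirect_uri, self.auth_server, self.session = redirect_uri, auth_server, {}

    def start_login(self):
        """Create per-login state (CSRF guard) and PKCE verifier, bound to the user's session."""
        self.session = {"state": secrets.token_urlsafe(16), "verifier": secrets.token_urlsafe(48)}
        return AUTHORIZE_URL + "?" + urlencode({
            "response_type": "code", "client_id": self.client_id, "redirect_uri": self.redirect_uri,
            "scope": "profile", "state": self.session["state"],
            "code_challenge": s256(self.session["verifier"]), "code_challenge_method": "S256"})

    def handle_callback(self, redirect_url):
        q = _query(redirect_url)
        if not secrets.compare_digest(q.get("state", "").encode(), self.session["state"].encode()):
            raise PermissionError("state mismatch: possible CSRF / code injection")
        return self.auth_server.token(self.client_id, self.secret, q["code"],
                                      self.redirect_uri, self.session["verifier"])


def run_flow():
    """Run the whole exchange; returns (profile, callback_url, client) so callers can probe replay."""
    auth = AuthorizationServer()
    auth.register_client("app123", "s3cret", ["https://app.example/cb"])  # assumed registration
    rs = ResourceServer(auth)
    client = Client("app123", "s3cret", "https://app.example/cb", auth)
    callback = auth.authorize(client.start_login(), resource_owner="alice")  # user agent consents
    token = client.handle_callback(callback)
    return rs.get_profile(token["access_token"]), callback, client
```

Each `raise` in the model corresponds to a check that real deployments sometimes skip; the later attack sections map onto them directly (loose redirect_uri matching, a missing or unchecked `state`, no PKCE, reusable codes, and resource servers that ignore scope).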