POSTMAN OAuth 2.0

Authentication is the way to gain access to a secure website, webpage or server that requires credentials such as passwords or tokens. OAuth 2.0 is an industry-standard protocol for authorization and is widely used for secure access.

OAuth 2.0 is mainly focused on client-side developers, but it is also very useful for different kinds of applications: web applications, desktop applications, mobile phones, and smaller devices using IoT and its cloud. Generally speaking, OAuth 2.0 is a framework for letting you access services or applications over HTTP.

What exactly does OAuth do?
  • A user can access a webpage or a server through his user account. While accessing the account, the user must be authorized, and tokens must be generated by a third-party website or API that works as an intermediate verifier.
  • Websites that can work only after all the user's details are fed into them do the authorization themselves. This means that when you log in to a social site like Facebook, the token for accessing the user account is maintained directly by Facebook, and the authentication server is Facebook's own server.
  • An access token is the token, or permission, which means that the user has himself given permission for accessing the data. The token is served to the user by the authentication server.

Understanding the Token

A token is a key that is given to the user by an authentication server; the user uses the token to let a website or application access his details or user account.

The token can be divided into three fields:

  • Header
  • Payload
  • Signature

For example, logging into a website through a Facebook account may require a confirmation asking whether you want to grant the website permission to access your Facebook user data. Some websites may require only your simplest credential, such as the profile picture. Other websites may require all your details, such as birthday, gender, photos, etc.
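
The three token fields and the permission grant described above, as an added example that is not from the original page. It assumes the token is a JWT signed with HS256, which the page does not state, and the key, token, and `scope`/`exp` claim values are constructed. The signature is verified before the payload is trusted, and only then is the granted permission checked.

```python
import base64
import hashlib
import hmac
import json

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part: str) -> bytes:
    # Segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def make_token(payload: dict, key: bytes) -> str:
    # Stand-in for the authorization server (constructed, for the sample only).
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(seg, separators=(",", ":")).encode())
        for seg in (header, payload))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"

def verify_token(token: str, key: bytes, required_scope: str, now: int) -> dict:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm; never let the token pick it (e.g. "none").
    if header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    # Only after the signature checks out is the payload trusted.
    payload = json.loads(b64url_decode(payload_b64))
    if payload.get("exp", 0) <= now:
        raise ValueError("token expired")
    if required_scope not in payload.get("scope", "").split():
        raise PermissionError("scope not granted")
    return payload

# Constructed sample: the user granted access to the profile picture only.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_TOKEN = make_token(
    {"sub": "user-123", "scope": "profile_picture", "exp": 2_000_000_000},
    SAMPLE_KEY)
```

A token edited after issuance fails at the signature check, so a site cannot widen its own permissions by rewriting the payload.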

OAuth 2.0 Authorization using POSTMAN
