OAuth 2.0 - a dead simple explanation

Рет қаралды 26,478

Күн бұрын

Пікірлер: 68

@jgoebel Жыл бұрын

What do you think about this video? Let me know in the comments below. FYI: I had to re-upload this video because the old one had an audio issue. Sry for that.

@waynecam2007 Жыл бұрын

this is brilliant

@JoshComninellis 10 ай бұрын

VERY helpful. The clearest explanation I’ve been able to find on the topic. Thank you!

@abhinahitokab3879 7 ай бұрын

Great stuff , thanks alot, please keep updating with new changes in oAuth,

@alastairtheduke 10 ай бұрын

Great slow and clear explanation without cutting any corners, thank you

@jgoebel 10 ай бұрын

Glad you liked it

@xandmore Күн бұрын

What an amazing explanation! Thank a lot! 🙇 Fabulous animations!

@MadridIsta7 28 күн бұрын

Simple straight to the point explanation! Thanks.

@Mr.D4yz 6 ай бұрын

Great video! Short and simple explanation to share with colleagues and not look like an alien trying to explain it.

@alexpato4 6 ай бұрын

One of the best explanations about OAuth, thanks a lot!

@carolineroy7992 10 ай бұрын

Thank you a lot ! I have to implement an authorization code grant for my personal project and the service doc was really confusing. Great explanation, you saved me 🤗

@jgoebel 10 ай бұрын

Great to hear!

@psylo1841 Жыл бұрын

You are creating amazing content! Please keep doing it!

@jgoebel Жыл бұрын

thx

@GigGigJigolo Жыл бұрын

Welcome back! May I ask what tool you used to illustrate this video?

@jgoebel Жыл бұрын

I used After Effects for this

@jrblackify 8 ай бұрын

Excellent video! Not verbose and tedious like many others, and very informative. The only small nit I have: at 4:45 you say "we will learn about the response type in a minute" but then I don't think you ever talk about it. You do talk about Grant Types which are related (I think?) but not response type.

@talatkuyuk6556 Жыл бұрын

It is really really good explanation. Thank you....

@jgoebel Жыл бұрын

Glad you liked it!

@philipparker5291 3 ай бұрын

Really clear explanation. Thanks a bunch!

@nohjrd 2 ай бұрын

Brilliant video and a really clear excellent explanation.

@winspyre 10 ай бұрын

Excellent explanation.

@jgoebel 10 ай бұрын

Glad it was helpful!

@ddrr6401 22 күн бұрын

thank you so much for this video .

@ThePomelo09 Ай бұрын

awesome explanation and presentation, new sub :)

@adrian333dev 11 ай бұрын

Really well explained ⭐⭐

@jgoebel 11 ай бұрын

Glad it was helpful!

@haidersyed6554 Жыл бұрын

9:10 the client may get refresh token but did you miss access taken part ? When is access token granted by the authorization server ?

@jgoebel Жыл бұрын

forgot to mention it, but you always get a refresh token and you optionally get a refresh token

@andreaskaudel3047 7 ай бұрын

Great stuff ! Thank you very much !

@jgoebel 7 ай бұрын

Glad you liked it!

@SandeepJan Жыл бұрын

amazing video.. are you planning to redo the other grant types similar to your old playlist or this is a one off update

@jgoebel Жыл бұрын

was thinking about that. I am a bit time-crunched atm and also the new animated videos did not get that many views. So not sure if I will continue this format or focus on different content

@grltrader 7 ай бұрын

Great video!

@jgoebel 7 ай бұрын

Glad you enjoyed it

@mm333-e1t Жыл бұрын

Yooo welcome back !!!

@jgoebel Жыл бұрын

thx

@k.deepak Жыл бұрын

Great content, as always! Could you please share the name of the software you used to create these animations?

@jgoebel Жыл бұрын

After Effects

@johanneskingma 11 ай бұрын

Question: what is the difference between a framework and a protocol?

@jgoebel 11 ай бұрын

Oh there are very long-winded debates about this 😅 It seems a bit fuzzy. So a framework is more composable, i.e. the spec does not stipulate every single detail (e.g. in OAuth 2 the spec does not say how exactly the access token has to look, it leaves it somewhat open). A protocol is a more stricter rule set that leaves little to no things open (e.g. HTTP or TCP)

@nwaformicah433 8 ай бұрын

Nice video and I think of using Oauth for the project am working on now but I want to ask a question. Did I need to pay or add my credit card before I can use it?

@jgoebel 8 ай бұрын

OAuth is just a standardized framework and quite a few Identity Providers offer it as a service. Whether or not that is free depends on the provider

@nwaformicah433 8 ай бұрын

@@jgoebel Thanks so much I just want to use user email for sign in, him or her into my express server. I have a full stack app, mern

@thongtranlequoc688 9 ай бұрын

Thank you very much. Your video is amazing

@jgoebel 6 ай бұрын

thx

@haidersyed6554 Жыл бұрын

How does Google know that the client has a backend ? What if Google issued client secret when there is no backend ? I got confused I think client credentials part needs more elaboration

@jgoebel Жыл бұрын

When you register the third party app, you can register a confidential or public client. If you have a backend, you can keep a secret safe, i.e. you have a confidential client

@yapayzeka Жыл бұрын

perfecta explanation

@jgoebel Жыл бұрын

Glad it was helpful!

@ribbenyms 8 ай бұрын

Good video but really bad EQ, I had to really crank down 125HZ cut to keep the floor from shaking :/

@sigge.g2193 5 ай бұрын

thanks!

@jgoebel 4 ай бұрын

Welcome!

@jano.5485 11 ай бұрын

Dumb question not directly related to OAuth... if you can extract anything out of a mobile application for example, how would such an application communicate with its backend securely? Surely you could also just extract those authentication secrets?

@jgoebel 11 ай бұрын

In a mobile app you would not ship any credentials in the app itself when you put it on the app store. That's why you need a backend that the app communicates with that holds the client secret for the OAuth flow. The moment the app is used, of course then you can store cookies, tokens etc on each user's device. But the whole point is that you must not have any secret in your app when you submit it to the app store. Or you do dynamic client registration. But then every mobile app installation is its own third party which would be strange

@AdefolajuwonOyebola Жыл бұрын

welcomee

@Saurabh12129 8 ай бұрын

This makes me believe I am not dumb.

@jgoebel 6 ай бұрын

Most explanations on the Internet are just overly complicated and don't explain the why

@PiersYves-k2z 3 ай бұрын

Jones Matthew Clark Charles Lopez Timothy

@RichardGonzalez-v6y 2 ай бұрын

Hall Richard Wilson Jose Harris Joseph

@SmedleyRudolf-w4k 3 ай бұрын

Brown Karen Gonzalez Jason Anderson Laura

@HillMick-m8y 3 ай бұрын

Wilson Betty Williams Thomas Rodriguez Margaret

@JeffreyWest-p2u 3 ай бұрын

Hall Anthony Thomas Karen Gonzalez Jessica

@EddieMaureen-y4u 3 ай бұрын

Martin Sarah Smith Elizabeth Garcia Linda

@AudreyMalia 2 ай бұрын

Martinez Donald White Lisa Williams Sandra

@ME-bw3rl 11 ай бұрын

2:37 "if the 3rd party application can keep data secret" what is that supposed to mean?? if it its trustworthy? if it stores data at all?? All the effort to make a video and then you throw things like that in there ... I don't understand video makers anyway

@jgoebel 11 ай бұрын

This is explained in the section confidential vs public clients at 3:06