What is OAuth and why does it matter?

What is OAuth and why does it matter? - OAuth in Five Minutes

Рет қаралды 157,340

Күн бұрын

In this video we cover what OAuth is and why we even have it in the first place. OAuth in Five Minutes is a series where we deep-dive on various topics around OAuth in just five minutes!
Buy the book! amzn.to/2S6Uj4e
Check out our video course! The Nuts and Bolts of OAuth 2.0
oauth2simplifi...
Learn more about OAuth at oauth.net
--
Okta is a developer API service that stores user accounts for your web apps, mobile apps, and APIs.
Sign up for Okta for free at developer.okta...
For more info visit us at developer.okta...
Developer Blog: developer.okta...
Sign up for our monthly newsletter! a0.to/zeroindex
Follow us on Twitter: / oktadev
Follow us on FB: / oktadevelopers
Follow us on LinkedIn: / oktadev

Пікірлер: 80

@jojojawjaw 2 жыл бұрын

I don't think I've ever seen a tutorial this informative, clear, and helpful before!

@WittCode 3 жыл бұрын

I got more out of this 5 minute video than reading a ton of articles! Thanks so much!

@charlesbevitt6727 4 жыл бұрын

I’ve been wondering why the heck anyone would want to use OAuth in a strictly first party situation. You really explained it well and I’m finally convinced. Big thanks for a great video.

@charlesopuoro5295 2 жыл бұрын

Absolutely!!! Same. He sure did. It reduced the Attack Surface Area as explained.

@ip2design 5 жыл бұрын

A very clear and helpful introduction. Thanks for shooting this video

@fijaisonjd 4 жыл бұрын

Good explanation. Background music is a bit distracting.

@Julian-tf8nj 4 жыл бұрын

yeah, I kept saying "what the heck is that noise??"

@shashvatshukla 2 жыл бұрын

You made the world a better place by making this video.

@안안재형-h8v 3 жыл бұрын

This is the best introduction video for OAuth concepts. Thank you for the material.

@joshbrolicwright Жыл бұрын

Thank you for keeping it simple and to the point!

@manjotsinghjuneja217 2 жыл бұрын

the best 5 minutes of my entire day, thank you!

@sachinmankotia2291 2 жыл бұрын

Simple and clear explanation. I have used oauth before in my projects, but to be honest, I learnt its exact flow today :)

@ryanjohnson4566 2 жыл бұрын

Thanks, great to get a good human explanation. These things are not that complicated, but all the new terms that are introduced muddy the waters for me. Your explanation is excellent.

@candiceerasmus5943 3 жыл бұрын

I am extremely green in this space - this was such an amazing introduction to OAuth for me. Thank you thank you thank you

@francisrafal 4 жыл бұрын

Thank you, that explanation was exactly what I was looking for!

@ericdavid890 4 жыл бұрын

Just getting acquainted with oauth and this is a great intro!

@AsifChauhan 5 жыл бұрын

Very interesting point about companies' internal 1st part apps using OAuth as Authentication vs just for Authorization👌

@charlesopuoro5295 2 жыл бұрын

Thanks a whole lot for this video. It served its intended purpose.

@alexshmalex Жыл бұрын

Epic. Super helpful, thanks for posting.

@pavanamancherla5039 4 жыл бұрын

Nicely explained. Appreciate your efforts

@user-or7ji5hv8y 3 жыл бұрын

Concise and well explained.

@alexandermoeller5299 5 жыл бұрын

great explanation! Thanks for the video

@befit_kw7762 5 жыл бұрын

Graphical representation would be extremely beneficial. Great work👍 We need tutorials on Google fit api as well as other APIs.. Thanks

@bdemers 5 жыл бұрын

How about this one! developer.okta.com/blog/2019/10/21/illustrated-guide-to-oauth-and-oidc

@NYYstateofmind 2 жыл бұрын

Why is sms mfa insecure? Also, when you rely on Google for Oauth are you sharing application specific data? Or does Google only know that you use that service and when you log in

@-Ncrypt 2 жыл бұрын

SMS MFA is prone to SIM swap attacks. An attacker can also break into the cellular network and intercept SMS messages to your phone. However, it's still better to have SMS MFA on than no MFA at all.

@gauravvarma3645 Жыл бұрын

Super insightful, thanks

@danielelmuneco1994 4 жыл бұрын

Wow! Very clear. Thank you :)

@cloudguy4192 3 жыл бұрын

Thank you for posting the video!

@jims2507 4 жыл бұрын

Thank you! I never understood giving up my twitter password to another website for authentication, but I see that option ALL the time.

@KDOERAK 4 жыл бұрын

a great talk: thx and keep them coming!

@venky76v 5 жыл бұрын

Awesome video tutorial guys ✌️✌️

@dsulvadarius 4 жыл бұрын

Wow! Beautifully explained.

@harikrishnareddym 3 жыл бұрын

Wow..Brilliant... too good... and all other good superlatives here.... :) ... thank you

@AlphyGacheru 4 жыл бұрын

Very useful, thank you!

@barzanahmed7194 3 жыл бұрын

OAuth IS AWESOME!!!

@JACKSONANTO 2 жыл бұрын

Really good one

@johnhack67 3 жыл бұрын

thanks

@RajanieshKaushikk 4 жыл бұрын

very nice video!!

@mnite3842 4 жыл бұрын

One word - Awesome!!!!

@shilpashravge8083 2 жыл бұрын

Thanks !!

@OktaDev 2 жыл бұрын

Welcome!

@randommode3016 3 жыл бұрын

4:47 reasons why you should use OAuth for everything

@zaimcodes 3 жыл бұрын

Basically, OAuth is a protocol that redirects user from the 3rd party application and authenticate themselves through the OAuth server (I got confused here so Google, Twitter, and other trusted applications have their own OAuth server?) while having the ability to understand what data the 3rd party application able and unable to access, right? 3:30 basically SSO isn't it? So, OAuth protocol allows 3rd party application (external) to access data/API of the trusted application securely while SSO allows the user to access various services of the same application (internal) without needing to login over and over again, isn't it?

@WhiteSiroi 2 жыл бұрын

thank you

@abhinavraut3099 4 жыл бұрын

very clear thanks!

@chologhuribangladesh7792 2 жыл бұрын

very helpful, described video. Like oAuth101.

@gamerrana786 9 ай бұрын

how can we make our own? If we have our own brand

@Cowglow 5 жыл бұрын

!!! awesome video!

@greendsnow 2 жыл бұрын

what if they're working for an Intelligence Office?

@JJovich 5 жыл бұрын

Thanks great video

@ChrisAthanas 2 жыл бұрын

Rather than hand waving, and use of “the app”, why not give us some images so it’s very clear and not confusing

@randommode3016 3 жыл бұрын

4:18 people makes mistakes so true 🙈

@sufyanshoaib 5 жыл бұрын

awesome.. thanks... just need to slowdown a bit ...

@aaronpk 5 жыл бұрын

If I do that, then people are just gonna complain that I talk too slow!

@sufyanshoaib 5 жыл бұрын

@@aaronpk I am happy in both cases ... :) :+1:

@mikexue5104 4 жыл бұрын

me too. but it only means i need improve my listening skills.

@williamroncallo7926 Жыл бұрын

I have seen his videos before, and have always been confused on something… I understand why he says third-party applications, when saying Oauth was created for accessing them from the client applications, so that the client application doesn’t have to ask the user for the password, but why does he call client applications first party? What is a second party application then?

@taraleseena5321 Жыл бұрын

Yelp is third party.. for the app resource (Yelp content), they are also first party. Unfortunately, they want your Google password, for which they are a third party between you and Google)

@muchirajunior Жыл бұрын

why should we not use messages multi factor auth

@OktaDev Жыл бұрын

Hello, thanks for your question. Could you expand a bit more on what you mean by messages for MFA, please? Thanks!

@muchirajunior Жыл бұрын

@@OktaDev on the video you said its a bad idea to use messages for MFA

@jarekwisniewski5468 3 ай бұрын

Simple and Easy.... Realy??? :)

@ThePrachi19 2 жыл бұрын

Nice explanation… but Next time please remove the BGM when you are explaining, I could hardly concentrate😢

@byzantinethrive 3 жыл бұрын

What happened to Justin

@croooaaalagraula 5 жыл бұрын

Good explanation, only guy speaks too fast for majority of audience, and would have been great to have some graphics illustrating his explanations.

@rafadydkiemmacha7543 4 жыл бұрын

He really wanted to make it 5 minutes 😅

@vuufke4327 2 жыл бұрын

when is the last time you blinked?

@ilgioa 3 жыл бұрын

The background music is quite distracting.

@randommode3016 3 жыл бұрын

4:19 lol when you discover that your application has logging password in a text file for months (? 🤣 I hope that never happens🙏 let's use OAuth

@erensolmaz2435 Ай бұрын

so github email

@toohype8762 2 жыл бұрын

Oh yeas, lets put one monolith point of failure in our application and let google run it. I'm sure they're doing this out of the goodness of their heart. Also if you want any support better hope the community addresses it cuz google corporate wilil not give AF. Better hope the project manager doesn't get promoted then google depreciates the service cuz no one wants to maintain code they want to create fancy products looking for a problem.

@aaronpk 2 жыл бұрын

To be clear, Google in this example is providing a service to Google itself.