OAuth: before and after
Did you know that users used to share their login information with third-party apps, which caused trust issues? To address this, OAuth was introduced, which not only resolved the trust issues...
Before the introduction of OAuth, third-party applications such as Facebook, Yelp, and others would request access to the email credentials of users' Gmail, Yahoo, and other email accounts in order to retrieve their contact lists. In this scenario, users had to share their email login information with third-party app providers, relying solely on trust.
Before OAuth, third-party apps stored these credentials, and trust issues eventually arose.
Anyone with access to a third-party app's database could access users' email. This led to the introduction of OAuth.
OAuth: OAuth, which stands for Open Authorization, is an open standard that enables access delegation. Its primary purpose is to allow web users to grant third-party websites or applications access to their information on another service without having to share their login credentials.
With OAuth, user credentials are managed by a centralized server rather than by each third-party app, providing a more secure way of accessing information. It is a service offered by various providers including Google, Yahoo, LinkedIn, Facebook, and many others.
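The following is an added example, not code from the original article: a toy in-memory model of what a third-party app's database holds before OAuth (the password) and with OAuth (a scoped, revocable token). The `Provider` class, the scope names `contacts` and `mail`, and the sample account are constructed for illustration, and the browser redirects of a real OAuth flow are left out.

```python
import hashlib, hmac, secrets

class Provider:
    """Toy e-mail provider that is also the authorization server (constructed model)."""
    def __init__(self):
        self._users, self._tokens = {}, {}

    def _kdf(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password, data):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, self._kdf(password, salt), data)

    def login(self, user, password):
        """Password login: whoever holds the password sees everything."""
        salt, digest, data = self._users[user]
        if not hmac.compare_digest(digest, self._kdf(password, salt)):
            raise PermissionError("bad credentials")
        return data

    def grant(self, user, password, scopes):
        """The user authenticates at the provider only and approves scopes."""
        self.login(user, password)
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (user, frozenset(scopes))
        return token

    def read(self, token, resource):
        """Token access: limited to the approved scopes, until revoked."""
        user, scopes = self._tokens.get(token, (None, frozenset()))
        if resource not in scopes:
            raise PermissionError("token invalid, revoked, or out of scope")
        return self._users[user][2][resource]

    def revoke(self, token):
        self._tokens.pop(token, None)

def allowed(fn, *args):
    """Return True if the call succeeds, False on PermissionError."""
    try:
        fn(*args)
        return True
    except PermissionError:
        return False

# Constructed sample account and the two kinds of third-party database.
provider = Provider()
provider.register("alice", "constructed-pw", {"contacts": ["bob@example.com"], "mail": ["private"]})
legacy_app_db = {"alice": "constructed-pw"}  # pre-OAuth: the app stores the password
oauth_app_db = {"alice": provider.grant("alice", "constructed-pw", {"contacts"})}
```

If `legacy_app_db` leaks, the password opens the whole mailbox until the user changes it; if `oauth_app_db` leaks, the token reads only `contacts` and stops working after `provider.revoke(...)`.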
Advantages of OAuth:
User Experience: The user experience is improved by using OAuth since users no longer need to repeatedly sign up for multiple applications. By signing up once, users can be onboarded to all other applications, making the process more convenient and streamlined.
Centralized credentials management: By using centralized credentials management, multiple applications can leverage identity management without the need for individual implementations in each application.
Changes to authentication: Enhancing security through changes to authentication is made simpler with a centralized approach. Instead of implementing security measures such as multi-factor authentication in multiple applications, it can be done once for the centralized system, making it easier to manage and maintain a higher level of security.
Exposure to secure data: The implementation of authentication in multiple applications can expose highly secure data to numerous teams, which can be a security risk. However, by using OAuth, the exposure of highly secure data can be limited to specific identity management teams, enhancing the security of the data.