Authorization across Distributed Systems: The OAuth Protocol

  • Published 5 Jul 2024
  • Websites are like castles, with large moats around them. You need a password at the gate to get in.
    And the average person has to remember 27 passwords!
    Remembering passwords is a pain. About 30% of all customer queries are "How do I reset my password?"
    So websites found a unique solution: outsource the authentication problem to the big castles.
    ---------------------------------------------
    Instead of asking users to enter an email and password, websites now ask users to "connect" them with Google for registration.
    Login Service: Hey, could you tell me the name of abc@gmail.com? They claim to be your user.
    Google: Please show me their signed request.
    Login Service: Sure, here you go.
    Google: Yes, that's our user. Their name is John Doe.
    Login Service: Great. I'll let them in. Could you share their profile picture too?
    Gmail: Sorry, but I can't see that in the signed request.
    Login Service: Never mind, thanks.
    The user is now authenticated, and a session token can be sent for further auth requests. This process of outsourcing user authentication (technically authorization, since the user authorized you to view their name) is called OAuth.
    ---------------------------------------------
    Third-party sign-in reduces login hesitance, eases mobile registration, and cuts down on password reset issues.
    It also consolidates data power into a few companies, which know exactly which websites you visited to tailor your ads (Did you register on FirstCry? Let me show you a diaper ad).
    You can learn more about OAuth, SSO, and Access Control Lists at InterviewReady.
    Cheers!
    00:00 What will we learn?
    00:20 The Problem with Passwords
    01:25 OAuth Flow
    04:22 War story: OAuth Doubles Signups
    06:43 Advantages of OAuth
    08:55 Drawbacks of OAuth
    11:31 Conclusion
    12:13 Distributed Security Terms
    15:30 Thank you!
    System Design at InterviewReady: interviewready.io/
    Use the special DISCOUNT coupon of "HELLOWORLD" to avail an exclusive UA-camr channel offer!
    #OAuth #Security #DistributedSystems
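
The dialogue between the login service and Google above, as an added sketch (not code from the video or from InterviewReady). It is a simplified model: one HMAC-signed grant stands in for the "signed request", and the key, client ids, and picture URL are constructed for the example.

```python
import base64, hashlib, hmac, json, time

PROVIDER_KEY = b"constructed-demo-key"   # constructed; held only by the provider
PROFILES = {"abc@gmail.com": {"name": "John Doe",
                              "picture": "https://provider.example/p/1.png"}}

def _sign(payload: bytes) -> str:
    return hmac.new(PROVIDER_KEY, payload, hashlib.sha256).hexdigest()

def issue_grant(user, client_id, scopes, ttl=300, now=None):
    """Provider: runs after the user approves the consent screen."""
    now = time.time() if now is None else now
    claims = {"sub": user, "aud": client_id,
              "scope": sorted(scopes), "exp": now + ttl}
    payload = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return payload.decode() + "." + _sign(payload)

def read_claim(token, client_id, field, now=None):
    """Provider: release one profile field, only if the grant covers it."""
    now = time.time() if now is None else now
    payload, _, sig = token.partition(".")
    if not hmac.compare_digest(_sign(payload.encode()), sig):
        raise PermissionError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if claims["aud"] != client_id:
        raise PermissionError("token issued to another client")
    if now >= claims["exp"]:
        raise PermissionError("token expired")
    if field not in claims["scope"]:
        raise PermissionError(f"scope '{field}' not granted")
    return PROFILES[claims["sub"]][field]

def demo():
    """Replay the dialogue: name is released, picture and a foreign client are not."""
    token = issue_grant("abc@gmail.com", "login-service", {"name"})
    results = [read_claim(token, "login-service", "name")]
    for client, field in (("login-service", "picture"), ("other-site", "name")):
        try:
            read_claim(token, client, field)
        except PermissionError as exc:
            results.append(str(exc))
    return results

if __name__ == "__main__":
    print(demo())
```

The provider checks the signature before it trusts any field of the grant, so a client that edits the scope list without the provider's key is rejected before the scope check is reached.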

COMMENTS • 25

  • @ringringlord 10 months ago +1

    Can we use the terms OAuth and SSO interchangeably?

    • @gkcs 10 months ago +4

      No, they are different concepts. SSO is managed by a particular company who manage user rights themselves. OAuth is handled by large organisations who ask the user for what permissions they want to extend to the requesting website.

    • @comicalInsan 9 months ago

      @gkcs they are also different auth mechanisms

  • @TheKundan11 9 months ago

    Thanks for making it. Gave good clarity.

  • @deekshajindal4482 9 months ago

    Thumbnail is awesome👏

  • @mekanhaji 7 months ago +1

    We can go hybrid.
    I mean, at the time of onboarding OAuth is the best option; after that we can maintain user details with a null password (no password) and give the user the option to set up a password after email verification. And done, now you don't have to worry about the vendor.
    Hope this makes sense 😅.

  • @saurabhchandrapatel 9 months ago

    A simple topic like OAuth can be explained like this, I never thought of that 😊😊

  • @jairajsahgal7101 10 months ago

    Thank you

  • @1879heikkisorsa 10 months ago +2

    The first part of the title led me to believe that you would be talking about auth in distributed systems, like where a gateway will authenticate the caller and all microservices won't deal with auth themselves. Another interesting topic for another video?

    • @gkcs 10 months ago +2

      It's covered here: interviewready.io/learn/system-design-course/design-an-emailing-service-like-gmail/chapter_2_authentication__global_caching

    • @sasmitshubham9424 9 months ago +1

      404 error @gkcs

    • @gkcs 9 months ago

      @sasmitshubham9424 Thanks for reporting, Shubham, I am looking into this.

  • @ShashankRustagiCSE 10 months ago

    I need to learn system design. What does your course offer which Alex Xu's books don't have?

    • @gkcs 9 months ago +1

      Objectively:
      InterviewReady has over 220 videos on System Design, Live Classes twice a month and lifetime validity.
      ByteByteGo doesn't offer any of the above.
      Subjectively:
      InterviewReady users have changed their thinking about tech after going through our courses. The in-depth explanations helped secure better salaries, switch companies and add value in team discussions.
      In short:
      Over 15000 users have found the courses awesome. We are rated >4.5/5 on average :D
      Your tech team will be glad that you made this investment.

    • @ShashankRustagiCSE 9 months ago

      Sure, will enroll soon @gkcs

  • @ngneerin 10 months ago +1

    What do you use to track user movement on the website?

    • @gkcs 10 months ago +1

      Microsoft Clarity is a good tool.

  • @abhishekgorisaria2897 10 months ago +4

    How about Okta & Active directory?

    • @RishiRajxtrim 10 months ago +2

      Wait a bit, have patience.
      Didn't I tell you? No pushing and shoving!

  • @rashmiyadav6810 10 months ago +1

    First viewer 😍

    • @gkcs 10 months ago +1

      Thank you 🙏

  • @EnglishRain 10 months ago

    Problem is the actual implementation by each service. They all do it differently & always a pitn trying to solve the puzzles.

  • @manasyendluri9957 10 months ago +1

    first

    • @gkcs 10 months ago

      Yey!