OAuth 2.0 access tokens explained
- Published Dec 2, 2018
- Try it out at oauth.com/playground and sign up for a forever-free developer account at developer.okta.com/signup/
Aaron's book: OAuth 2.0 Simplified amzn.to/2S6Uj4e
Check out our new video course! The Nuts and Bolts of OAuth 2.0
oauth2simplified.com/course
Sign up for our monthly newsletter! a0.to/zeroindex - Howto & Style
Brilliant analogy and very well explained so everybody can understand it. Thanks for sharing.
Absolutely mind blowing, I can't recall if I've ever seen anything explained so beautifully on YouTube before. Thanks!
I was trying to think of a real world example to explain about OAUTH, your example is spot on and your explanation and correlation with the concept is awesome!! Great job and thanks for posting it!!
Great analogy. We need more brilliant educators like you
Thank you, very well explained! I am great at explaining anything to do with car engines and car parts but not good at understanding computers and how the programs work. I can use a laptop and work my way around but have some trouble understanding things such as URLs and tokens and so on. Thank you so much for taking the time to explain this! You helped me so much!! Great video, very well explained, this really helps people like me who are not great with computers. Hope to see more videos from you...!!
I just learned more in 3 minutes watching you than I did in 20 minutes watching other content. Thank you for a clear concise explanation that had an amazing analogy!
Glad it was helpful!
Brilliant analogy. Love the way you articulate the concept 👏👏
This was literally the smoothest explanation I have seen so far! Thank you so much.
Very well explained. Now I will never forget this!
A simple and clear explanation!
Your explanation is superb! What an underrated channel here on YouTube 😱
Great analogy! Well done!
great explanation!! clear, simple and short!
Nicely explained, This is the Authorization part for accessing the API
Very easy to understand and clearly delivered, thanks
This is such a perfect analogy. THANK YOU
Very good analogy. Simple but clear explanation
Awesome simple explanation, thank you 🙏
Perfect example. Thanks for posting
Nice explanation man!
Great explanation!
Super.........and to the point ...helped in thinking more clearly about the auth process in OAuth
Clear as crystal 🔮 ,Thanks for sharing.
Such an easy way to understand thanks a lot for ur knowledge sharing 🙏
Very nice, excellent analogy.
Simply brilliant.
genius analogy!! Thanks a lot!!
Bro, you are a life saver 🔥
Good explanation... Nice tshirt.
Amazing. Thank you!
Great explanation!🎉🎉🎉
Thank you! 😃
excellent explanation!!! Hotel key card. thanks.
Excellent!
Good explanation
It's a good explanation of the token. I thought you'd also explain a bit of OAuth 2.0 though.
Brilliant analogy and very helpful for a non-IT person like me. Can these tokens/room keys sometimes be single-use? Do they usually have a validity period/lease time? Are these called Dynamic tokens?
excellent!
Just like you need to have the keycard in your hand and swipe it to get in, where does the access token need to go on, say, a GET request so that the resource server knows it is allowed to give me the info I ask for? Do I put the whole token string in the Authorization parameter of the header?
Got the point!!
Tks sir 🤟
perfectly explained
Hi,
Could you explain: after I call the refresh token API to renew the access token, will the current access token keep working or will it be expired, if I use the OAuth 2.0 flow?
short...crisp....clear !!
Does anyone know what URL to enter that redirects the seller authorization to my production application? I don't get it.
Well understood
Do you have such a video regarding OIDC?
Plz share a link
How does one revoke an access token in OAuth2? Is it possible or should it be solved by having very short expirations of AccessToken?
Amazing how you related access token with practical example.
Glad you think so!
@OktaDev Your videos are amazing. Actually I am trying to implement OAuth2 in one of my projects using Spring Boot. However I don't find any videos related to the implementation. Could you please share a few videos on the same?
@0sand1s31 I created a video last year on how to create an OAuth 2.0 resource server with Spring Boot. Maybe it'll help? ua-cam.com/video/w-qKailh3WQ/v-deo.html
@mraible Thank you. I will go through it.
it's so simple!!
How do I get an access token?
At 2:30 you mentioned a "jot", is that how JWT is pronounced?
Yep it is! Sorry I should have clarified that!
@aaronpk Yes. I'm sure.
Unfortunately yes. "jot" is arguably an oversimplification of JWT and probably slows communication long enough to lose any gained time of saying "jot" over "jay dub el you tee". Humans tend to reduce identifiers the more they're used, which is why "JSON Web Token" was reduced to "JWT" and then "jot". Since 9 in 10 people ask "what is a jot?" the first time they hear it, which causes, at minimum, a 10 second conversation that would have never happened otherwise, "jot" is arguably oversimplified. Gaining 0.5 seconds and losing 10 every time you say something is a net loss. Not to mention cryptic communication is always a poor choice (i.e. choosing a little-known, but slightly more effective word when a well-known, slightly-less effective word will do, always yields lower comprehension, and if your goal is comprehension, making that choice was, by definition, an error).
There is an adage "Make it as simple as possible, but not simpler", taking JWT to "jot" probably violates that, however, that's what humans tend to do, so the next time you invent a cool piece of technology, try to make sure it can be reduced to 3 letters and one syllable ahead of time; you'll save a lot of people from feeling dumb :)
Thanks a lot ....
Great would like the same clear explanation for all the stuff before the access token.
When you say access-token, do you mean basic token or bearer? I assume it's bearer. Then what is the basic token in the hotel analogy?
I believe there is no basic token, there is basic auth which is usually base64urlencoded username:password, this gets you a JWT
Access tokens are sent to the API to access resources over a front channel, which is less secure. Does it not defeat the purpose of OAuth calls over the back channel between auth service and client server, to make it more secure? Ultimately, we get the access token which can be hacked, just like the auth code, both being passed over the front channel.
Would you please explain this, if I'm missing anything in this understanding.
Check out this livestream we did recently talking more about the front channel vs back channel: ua-cam.com/video/uwbqqRA7wbI/v-deo.html
Access tokens are not sent to resource servers (APIs) in the front channel, they are sent in the back channel. That said, you are correct that if someone can steal an access token that is bad. It's the same as a hotel key, if you find one on the ground you can pick it up and try using it at all the doors.
Cool, where might the refresh token be in this analogy? Maybe the girl at reception who can give you a new access token if you lose yours, if you show a statement about the payment of the hotel bill (this one is the refresh token).
But what does API mean btw? I'm a little less lost, but still a little...
it is very simple
unless u understand it in coding.
🙂
Cool glasses
i wonder if the OAuth has got the user ID in
i was there in the first half.😅😅
What is a bearer token ? Is it the same access token ?
So the user generates a hotel key for me to use :)
Thank You! #KaiBuskirk #CodeLessWorkFlows
Whoever came up with the OAuth2 mechanism surely had the idea while checking in at a hotel. You can bet your bottom dollar.
Who is the audience in this metaphor?
Didn't help to resolve problem
So I got a creator code
This guy urgently needs a tutorial on visual aids to present complex ideas... Or he loves being in front of the camera...
This guy seems like an AI-generated human.
Thank you. Example was good, but it felt like you were repeating same thing again and again all video.. Sorry 👎