How Oauth 2.0 works with Foursquare.com as example

What is OAuth?

It is used to provides “secured delegated access”

Example:

• Login using Facebook on Instagram.com or Foursquare.com.
• Bank access delegation to withdraw money and invest in stock (Robinhood)

In this example, I will show how Oauth 2.0 works with Foursquare.com app authentication as example.

Sample Oauth 2.0 flow diagram will explain how things works in pictorial way.

Oauth 2.0 Flow specific to Foursquare.

• The web server (example: codepoc.io) redirects the user to Foursquare.com to authenticate and authorize the codepoc.io app to access the user's foursquare data.
• After the user approves access, Foursquare.com will redirect back to the web server with an authorization code.
• After obtaining the authorization code, the web server passes back the authorization code to get a token response.
• After validating the authorization code, Foursquare.com passes back a access token as json response.
• After the token is granted, the web server can accesses the user’s foursquare data such as checkins, etc.

As shown on Foursquare.com (Step by step example)

Step 1

Your foursquare app will redirect users to Foursquare.com

https://foursquare.com/oauth2/authenticate
    ?client_id=YOUR_CLIENT_ID
    &response_type=code
    &redirect_uri=YOUR_REGISTERED_REDIRECT_URI

Step 2

If the user allows access to your foursquare app, they will be redirected back to your app with an authorization code.

https://YOUR_REGISTERED_REDIRECT_URI/?code=CODE

Step 3

Your foursquare app should exchange the authorization code it got in step 2 for an access token. Make a request for

https://foursquare.com/oauth2/access_token
    ?client_id=YOUR_CLIENT_ID
    &client_secret=YOUR_CLIENT_SECRET
    &grant_type=authorization_code
    &redirect_uri=YOUR_REGISTERED_REDIRECT_URI
    &code=CODE

Step 4

The response will be JSON

{ access_token: ACCESS_TOKEN }

Step 5

Save this access token for this user in your database.