Web Api Blog

 
 
 

What is OAuth?

OAuth is an open standard for access delegation.

It is used to provide “secured delegated access”.


Example:

  • Login using Facebook on Instagram.com or Foursquare.com.
  • Bank access delegation to withdraw money and invest in stock (Robinhood)

In this post, I will show how OAuth 2.0 works, using Foursquare.com app authentication as the example.

The sample OAuth 2.0 flow diagrams below show how the flow works pictorially.

Oauth 2 Flow diagram step by step

Oauth 2.0 Flow specific to Foursquare.

Oauth 2 Flow diagram

  • The web server (example: codepoc.io) redirects the user to Foursquare.com to authenticate and to authorize the codepoc.io app to access the user's Foursquare data.
  • After the user approves access, Foursquare.com redirects the user back to the web server with an authorization code.
  • After obtaining the authorization code, the web server sends it back to Foursquare.com to request a token.
  • After validating the authorization code, Foursquare.com returns an access token in a JSON response.
  • After the token is granted, the web server can access the user’s Foursquare data, such as check-ins.

As shown on Foursquare.com (Step by step example)

Step 1

Your foursquare app will redirect users to Foursquare.com

https://foursquare.com/oauth2/authenticate
    ?client_id=YOUR_CLIENT_ID
    &response_type=code
    &redirect_uri=YOUR_REGISTERED_REDIRECT_URI

Step 2

If the user allows access to your foursquare app, they will be redirected back to your app with an authorization code.

https://YOUR_REGISTERED_REDIRECT_URI/?code=CODE

Step 3

Your foursquare app should exchange the authorization code it got in step 2 for an access token. Make a request for

https://foursquare.com/oauth2/access_token
    ?client_id=YOUR_CLIENT_ID
    &client_secret=YOUR_CLIENT_SECRET
    &grant_type=authorization_code
    &redirect_uri=YOUR_REGISTERED_REDIRECT_URI
    &code=CODE

Step 4

The response will be JSON

{ access_token: ACCESS_TOKEN }

Step 5

Save this access token for this user in your database.
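
The steps above as server-side helpers, including the checks a callback handler needs before it trusts the returned code. This is an added example, not code from the original post. The `state` parameter comes from RFC 6749 and is not shown in the Foursquare URLs above, so Foursquare echoing it back is an assumption, as are the function names and the constructed `https://codepoc.io/callback` redirect URI used to exercise them.

```python
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://foursquare.com/oauth2/authenticate"  # Step 1 endpoint
TOKEN_URL = "https://foursquare.com/oauth2/access_token"      # Step 3 endpoint


def build_authorize_url(client_id, redirect_uri):
    """Step 1: return the redirect URL and the state to store in the user's session."""
    state = secrets.token_urlsafe(32)  # assumption: the provider echoes `state` back
    query = urlencode({"client_id": client_id, "response_type": "code",
                       "redirect_uri": redirect_uri, "state": state})
    return f"{AUTHORIZE_URL}?{query}", state


def code_from_callback(callback_url, redirect_uri, session_state):
    """Step 2: accept the code only on the registered URI and with a matching state."""
    got, want = urlsplit(callback_url), urlsplit(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect URI")
    params = parse_qs(got.query)
    state = params.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the callback was not started by this session.
    if not hmac.compare_digest(state.encode(), session_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def build_token_url(client_id, client_secret, redirect_uri, code):
    """Step 3: URL for the server-to-server call; client_secret never goes to the browser."""
    return TOKEN_URL + "?" + urlencode({
        "client_id": client_id, "client_secret": client_secret,
        "grant_type": "authorization_code",
        "redirect_uri": redirect_uri, "code": code})


def access_token_from_response(body):
    """Step 4: extract the token from the JSON body, rejecting malformed responses."""
    data = json.loads(body)
    token = data.get("access_token") if isinstance(data, dict) else None
    if not isinstance(token, str) or not token:
        raise ValueError("no access_token in response")
    return token
```
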


 
 