@prashant2796
Last active February 11, 2018 11:51
What is OAuth?
OAuth is an authorization framework commonly used to let internet users grant websites or applications access to their information on other websites.
It delegates the authorization process to another application, which also establishes the user's identity.
Consider an end user, an application A (the client, i.e. your website) and an application 2 (the resource server, i.e. Google, Facebook etc.). The user of application A wants to log in to application A through Google. Instead of the user sharing their Google email and password with application A, application A redirects the user to the Google website, where the user logs in and authorizes application A to access their information on Google without sharing their password.
OAuth workflow:
1) Server-side flow (explicit flow):
a) The first step is that the client application registers itself with the authorization server (i.e. Google), since it is going to use Google's services to retrieve the user's data once the user gives permission to do so. It registers and gets a client_id back.
b) So when the user clicks "Login with Google", the client app redirects them to:
http://google.apis.com/oauth?client_id=projectlumos&state=12344567654&redirect_uri=http%3A%2F%2Fprojectlumos.com
Here redirect_uri is the URL Google should redirect to once the user authenticates.
c) Next, the user enters their login details on the Google page. Google authenticates them and redirects back to the redirect URL along with state=12344567654&code=0002222.
d) From that point the client app takes that code and sends it in another HTTP request to Google's access token endpoint.
e) Google gives back the unique token=123jhbv1123v1122112a1212b11121212.
f) From then on the client app uses that token for any number of requests it sends to Google to get the user's information.
Advantages.
-Most secure
-Access tokens and refresh tokens can be created only if a shared secret is known
Disadvantages.
-Must implement multiple auth endpoints
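Added example (not code from the gist): a minimal in-memory simulation of the server-side flow in Python, with both the client app and the authorization server. The class and function names, the client secret and the callback URL are assumptions; the point is the checks each side performs: exact redirect_uri match, a per-login random state verified on the callback, the shared secret required at the token endpoint, and single-use codes.

```python
import secrets
from urllib.parse import parse_qs, urlsplit

# Constructed in-memory stand-ins for the authorization server and client app.
class AuthServer:
    def __init__(self):
        self.clients = {}  # client_id -> (client_secret, redirect_uri)
        self.codes = {}    # one-time code -> (client_id, redirect_uri)
        self.tokens = {}   # access_token -> client_id

    def register(self, client_id, redirect_uri):
        # Step a): registration yields the client_id plus a shared secret.
        secret = secrets.token_urlsafe(24)
        self.clients[client_id] = (secret, redirect_uri)
        return secret

    def authorize(self, client_id, redirect_uri, state):
        # Steps b)/c): after the user logs in, a short-lived code is sent back
        # only to the registered redirect_uri (exact match), never elsewhere.
        if self.clients.get(client_id, (None, None))[1] != redirect_uri:
            raise ValueError("redirect_uri does not match registration")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri)
        return f"{redirect_uri}?state={state}&code={code}"

    def token(self, client_id, client_secret, code, redirect_uri):
        # Steps d)/e): only the holder of the registered secret can redeem
        # a code, the redirect_uri must match again, and a code works once.
        secret, _ = self.clients.get(client_id, (None, None))
        if secret is None or not secrets.compare_digest(secret, client_secret):
            raise PermissionError("bad client credentials")
        if self.codes.pop(code, None) != (client_id, redirect_uri):
            raise PermissionError("invalid, reused or mismatched code")
        access_token = secrets.token_urlsafe(24)
        self.tokens[access_token] = client_id
        return access_token

def run_explicit_flow(server):
    # Client side. 'state' is a fresh random value kept per login attempt and
    # compared on return; a fixed value like 12344567654 gives no such binding.
    client_id, redirect_uri = "projectlumos", "https://projectlumos.com/cb"
    client_secret = server.register(client_id, redirect_uri)
    state = secrets.token_urlsafe(16)
    callback_url = server.authorize(client_id, redirect_uri, state)
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    if not secrets.compare_digest(params.get("state", ""), state):
        raise PermissionError("state mismatch: callback not from this login")
    token = server.token(client_id, client_secret, params["code"], redirect_uri)
    return token, params["code"]
```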
2) Client-side flow (implicit flow):
a) This flow is used if you are building an app that doesn't have a server component. In this case your browser itself is the client that interacts with the Google server.
b) So when the user clicks "Login with Google", the browser redirects them to:
https://api.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=token
c) Next, the user enters their login details on the Google page. Google authenticates them and redirects back to the redirect URL with the access_token in the URL fragment itself.
d) Now we simply grab the access_token off the URL fragment and use that token to make requests to Google for the user's information.
Advantages.
-Simplest to implement
Disadvantages.
-Less secure
-Access tokens visible to browser
-Access tokens cannot expire (by Google policy)