What is OAuth and why does it matter? - OAuth in Five Minutes
Vložit
- čas přidán 20. 01. 2020
- In this video we cover what OAuth is and why we even have it in the first place. OAuth in Five Minutes is a series where we deep-dive on various topics around OAuth in just five minutes!
Buy the book! amzn.to/2S6Uj4e
Check out our video course! The Nuts and Bolts of OAuth 2.0
oauth2simplified.com/course
Learn more about OAuth at oauth.net
--
Okta is a developer API service that stores user accounts for your web apps, mobile apps, and APIs.
* Sign up for Okta for free at developer.okta.com/signup/
* For more info visit us at developer.okta.com/
* Developer Blog: developer.okta.com/blog/
* Sign up for our monthly newsletter! a0.to/zeroindex
* Follow us on Twitter: / oktadev
* Follow us on FB: / oktadevelopers
* Follow us on LinkedIn: / oktadev - Věda a technologie
I don't think I've ever seen a tutorial this informative, clear, and helpful before!
I got more out of this 5 minute video than reading a ton of articles! Thanks so much!
A very clear and helpful introduction. Thanks for shooting this video
Thank you for keeping it simple and to the point!
I’ve been wondering why the heck anyone would want to use OAuth in a strictly first party situation. You really explained it well and I’m finally convinced. Big thanks for a great video.
Absolutely!!! Same. He sure did. It reduced the Attack Surface Area as explained.
Good explanation. Background music is a bit distracting.
yeah, I kept saying "what the heck is that noise??"
This is the best introduction video for OAuth concepts. Thank you for the material.
Thank you, that explanation was exactly what I was looking for!
Just getting acquainted with oauth and this is a great intro!
You made the world a better place by making this video.
I am extremely green in this space - this was such an amazing introduction to OAuth for me. Thank you thank you thank you
the best 5 minutes of my entire day, thank you!
Thanks, great to get a good human explanation. These things are not that complicated, but all the new terms that are introduced muddy the waters for me. Your explanation is excellent.
Simple and clear explanation. I have used oauth before in my projects, but to be honest, I learnt its exact flow today :)
Thanks a whole lot for this video. It served its intended purpose.
Nicely explained. Appreciate your efforts
Very interesting point about companies' internal 1st part apps using OAuth as Authentication vs just for Authorization👌
great explanation! Thanks for the video
Concise and well explained.
Wow! Very clear.
Thank you :)
Wow! Beautifully explained.
Epic. Super helpful, thanks for posting.
Thank you for posting the video!
Awesome video tutorial guys ✌️✌️
a great talk: thx and keep them coming!
Very useful, thank you!
Super insightful, thanks
very clear thanks!
One word - Awesome!!!!
Graphical representation would be extremely beneficial. Great work👍
We need tutorials on Google fit api as well as other APIs..
Thanks
How about this one! developer.okta.com/blog/2019/10/21/illustrated-guide-to-oauth-and-oidc
!!! awesome video!
Thanks great video
very nice video!!
Wow..Brilliant... too good... and all other good superlatives here.... :) ... thank you
Thank you! I never understood giving up my twitter password to another website for authentication, but I see that option ALL the time.
Really good one
thanks
thank you
very helpful, described video. Like oAuth101.
OAuth IS AWESOME!!!
Thanks !!
Welcome!
Why is sms mfa insecure?
Also, when you rely on Google for Oauth are you sharing application specific data? Or does Google only know that you use that service and when you log in
SMS MFA is prone to SIM swap attacks. An attacker can also break into the cellular network and intercept SMS messages to your phone. However, it's still better to have SMS MFA on than no MFA at all.
Basically, OAuth is a protocol that redirects user from the 3rd party application and authenticate themselves through the OAuth server (I got confused here so Google, Twitter, and other trusted applications have their own OAuth server?) while having the ability to understand what data the 3rd party application able and unable to access, right?
3:30 basically SSO isn't it? So, OAuth protocol allows 3rd party application (external) to access data/API of the trusted application securely while SSO allows the user to access various services of the same application (internal) without needing to login over and over again, isn't it?
4:47 reasons why you should use OAuth for everything
how can we make our own? If we have our own brand
what if they're working for an Intelligence Office?
awesome.. thanks... just need to slowdown a bit ...
If I do that, then people are just gonna complain that I talk too slow!
@@aaronpk I am happy in both cases ... :) :+1:
me too. but it only means i need improve my listening skills.
I have seen his videos before, and have always been confused on something… I understand why he says third-party applications, when saying Oauth was created for accessing them from the client applications, so that the client application doesn’t have to ask the user for the password, but why does he call client applications first party? What is a second party application then?
Yelp is third party.. for the app resource (Yelp content), they are also first party. Unfortunately, they want your Google password, for which they are a third party between you and Google)
Rather than hand waving, and use of “the app”, why not give us some images so it’s very clear and not confusing
4:18 people makes mistakes so true 🙈
why should we not use messages multi factor auth
Hello, thanks for your question. Could you expand a bit more on what you mean by messages for MFA, please? Thanks!
@@OktaDev on the video you said its a bad idea to use messages for MFA
¿A qué clase de cerebrito se le ocurrió presentar información técnica en vídeo?
What happened to Justin
when is the last time you blinked?
4:19 lol when you discover that your application has logging password in a text file for months (? 🤣 I hope that never happens🙏 let's use OAuth
Good explanation, only guy speaks too fast for majority of audience, and would have been great to have some graphics illustrating his explanations.
He really wanted to make it 5 minutes 😅
The background music is quite distracting.
Nice explanation… but Next time please remove the BGM when you are explaining, I could hardly concentrate😢
tante ciacoe
Oh yeas, lets put one monolith point of failure in our application and let google run it. I'm sure they're doing this out of the goodness of their heart. Also if you want any support better hope the community addresses it cuz google corporate wilil not give AF. Better hope the project manager doesn't get promoted then google depreciates the service cuz no one wants to maintain code they want to create fancy products looking for a problem.
To be clear, Google in this example is providing a service to Google itself.
Samikhadris
Would help if you speak 50 words per minute instead of 200
too fast
You repeat yourself a lot. Video could have been 2:30