OAuth 2.0 is an authorization framework: it lets an app get limited, time-bounded access to your data on another website or service without ever seeing your password. The app receives a token that covers only the access you approved, and that access can be revoked without changing your credentials.
OAuth 2.0 overview in Rest API
Introduction
When you want to let a website post on your social media without giving it your password.
When an app needs to read your email or calendar but you don't want to share your login details.
When you want to sign into a new app using your Google or Facebook account.
When a service needs to access your data on another service securely and temporarily.
Syntax
OAuth 2.0 (the authorization code grant shown on this page) uses these main steps:
1. The client redirects the user to the authorization server to request permission for a specific scope.
2. The user grants permission; the authorization server redirects the user's browser back to the client's registered redirect_uri with a short-lived authorization code.
3. The client sends the code, together with its own client credentials, to the token endpoint and receives an access token.
4. The client presents the access token to the resource server to access protected resources.
5. The access token expires or is revoked, after which the client must obtain a new one.
The access token is like a temporary key to your data: it is a bearer token, so whoever holds it can use it until it expires, which is why it must only ever travel over HTTPS.
The authorization code is a short-lived, single-use code whose only purpose is to be exchanged for the access token.
Examples
This is the URL where the user is asked to approve access. The redirect_uri is percent-encoded because it is carried as a query parameter; a real client also adds a random state parameter and checks it when the browser comes back, so that it can reject callbacks it did not start.
GET /authorize?response_type=code&client_id=abc123&redirect_uri=https%3A%2F%2Fapp.com%2Fcallback&scope=read_profile
The client sends this request, server to server over HTTPS, to exchange the authorization code for an access token. The authorization server checks the client secret, that the code is unexpired and has not been used before, and that client_id and redirect_uri match the ones the code was issued for.
POST /token
Headers: Content-Type: application/x-www-form-urlencoded
Body: grant_type=authorization_code&code=AUTH_CODE&redirect_uri=https%3A%2F%2Fapp.com%2Fcallback&client_id=abc123&client_secret=secret
The client uses the access token to get user data. The resource server verifies that the token is valid, unexpired and carries the required scope, and otherwise answers 401 or 403.
GET /user/profile
Headers: Authorization: Bearer ACCESS_TOKEN
Sample Program
This example shows the main OAuth 2.0 steps: getting authorization, exchanging code for token, and using the token to access data.
import secrets
from urllib.parse import urlencode

import requests

AUTHORIZE_ENDPOINT = "https://example.com/oauth/authorize"
TOKEN_ENDPOINT = "https://example.com/oauth/token"
CLIENT_ID = "abc123"
CLIENT_SECRET = "secret"  # load from the environment or a secret store in real code
REDIRECT_URI = "https://app.com/callback"

# Step 1: build the URL the user is redirected to. urlencode() percent-encodes the
# redirect_uri; the random state value lets the app reject callbacks it did not start.
state = secrets.token_urlsafe(16)
auth_url = AUTHORIZE_ENDPOINT + "?" + urlencode({
    "response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
    "scope": "read", "state": state,
})
print(f"Go to this URL and authorize: {auth_url}")

# Step 2: after the user approves, the authorization server redirects the browser to
# REDIRECT_URI?code=...&state=...; a real app reads both from the callback request and
# checks that state matches the value it generated. Simulated here.
authorization_code = "sample_auth_code"

# Step 3: exchange the code for an access token with a server-to-server POST.
try:
    response = requests.post(TOKEN_ENDPOINT, data={
        "grant_type": "authorization_code", "code": authorization_code,
        "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET,
    }, timeout=10)
    response.raise_for_status()
    token_response = response.json()
except (requests.RequestException, ValueError):
    # example.com has no token endpoint, so fall back to a simulated reply.
    token_response = {"access_token": "sample_access_token", "token_type": "Bearer", "expires_in": 3600}
print(f"Access token received: {token_response['access_token']}")

# Step 4: present the access token as a Bearer token to the resource server.
headers = {"Authorization": f"Bearer {token_response['access_token']}"}
# Simulated user-info request; a real client would call
# requests.get(profile_url, headers=headers, timeout=10).json()
user_info = {"id": "user123", "name": "Alice"}
print(f"User info: {user_info}")
Important Notes
OAuth 2.0 never gives the requesting app your password; the app only ever sees an authorization code and an access token.
Access tokens are short-lived (the expires_in value in the token response) so that a leaked token is useful only briefly, and they can be revoked before they expire; clients should expect a 401 and re-authorize.
Keep the client secret on the server side and out of source control, and never ship it inside a browser or mobile app, where anyone can extract it.
Summary
OAuth 2.0 lets apps access your data safely without your password.
It uses authorization codes and access tokens to control access.
This keeps your information secure and under your control.