I want to understand what is usually meant by the term "OAuth Provider". There seems no mention of it in the OAuth specification.
If we consider a OAuth Provider as a component of an application, what functions does it perform (e.g. authorization, implementation of API methods, etc.)? How does it relate to the rest of the application?
An OAuth service provider is defined with the oauthProvider element in the server. xml file. You can define an OAuth service provider by editing the server. xml file or by using the WebSphere® Application Server Development Tools for Liberty. This task describes how to define a minimal OAuth configuration.
OAuth (pronounced “oh-auth”) is a technological standard that allows you to share information between services without exposing your password. It's a widely-adopted standard that's used by developers of websites and apps, and you probably use services every day that utilize OAuth.
OAuth essentially allows the user, via an authentication provider that they have previously successfully authenticated with, to give another website/service a limited access authentication token for authorization to additional resources. Additionally, OAuth 2.0 is a framework, not a protocol (like version 1.0).
OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices.
Well, OAuth provider is no part of the OAuth spec, so there's no "real" answer to your question. However, it's usually the company/person who built the OAuth-protected service, OR the OAuth-protected service itself. It can also refer to the part of the API that offers OAuth endpoints (usually /authorize
and /access_token
).
edit: The "old" OAuth 1 community spec defined the "service provider" as
A web application that allows access via OAuth.
It was later redefined in the OAuth RFC as a server, which is:
An HTTP server (per [RFC2616]) capable of accepting OAuth-authenticated requests (Section 3).
The OAuth Provider is provider that supplies the OAuth service for instance google, twitter, yahoo! or whoever you are asking to log in the user.
Or in other words the provider that tells that the user logged in successfully.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With