Intro to OAuth

Learning Objectives

• be able to describe authentication
• be able to describe authorization
• understand the OAuth work flow
• Read and understand client side code that uses OAuth

This lecture aims at giving a basic overview of authentication and authorization. This covers token based authentication and serves as the students first look into the aspects of user authentication. This lessons focuses on OAuth 2.

Recommended Previous Knowledge

This lecture should be given toward the later part of unit-iii - full stack fundamentals.

Slides

https://slides.com/markdewey-1/authenticationandauthorization#/

Full Code Samples

• OAuth Code sample (Auth0, React, .NET) https://github.com/mdewey/PlacesIHaveBeen
• TODO: create code example for auth not using Auth0
• TODO: add ruby examples

Lecture notes

• Begin with intro to the problem of authentication and authorization

• use the slides as a guide

• the flow is

  • what is authentication
  • what is authorization
  • cookie vs token
  • OAuth

• Watch this video with pausing at times to reviewing and re-explaining concepts

  • https://www.youtube.com/watch?v=CPbvxxslDTU

• break -

• walk over react code samples

• lunch -

• walk over back-end language samples

Possible Assignments

• auth0.md
• recovery blog

Additional Resources

• AuthO and react https://auth0.com/docs/quickstart/spa/react#install-auth0-js

Next Lectures

• This should be towards the end of full stack fundamentals, so the next lecture should be more practice, with possibly adding auth to an existing app