Zach Duda
OAuth2 In A Nutshell
Sep 8, 2022

OAuth2 is a set of rules for communicating sessions between two websites. Think of OAuth2 like the rules we follow every day when we drive to work: we all understand that red means stop, green means go, and when you see a person crossing the street, most times, you stop. OAuth2 is similar, as it sets a standard that two websites can both comprehend.

Generating the OAuth URL
To start, the requesting website must generate a URL and redirect the browser to it, which begins the process of asking for the user's current session. This URL will contain the following:

- Client ID
- Redirect URL
- State
- Scope
- Grant Type

The client ID says "hey, it's me!!", the redirect URL says "when you're done, make sure to come back here", the state is in a sense a random string of letters and numbers that helps link the whole thing together once it comes back (like a session ID for just the OAuth request), the scope tells what the requesting website needs to authenticate (IDs? emails? etc.), and lastly the grant type tells how the requesting website would like to deal with this transaction (most commonly a "code/token" grant).
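The five components above, assembled into a URL and checked again when the browser comes back, as an added example that is not code from the original post. The endpoint, client ID, redirect URL and scope names are constructed placeholders, and the "grant type" is sent under the parameter name OAuth2 uses in this request, `response_type`.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed placeholder values; a real provider documents its own endpoint.
AUTHORIZE_ENDPOINT = "https://provider.example/oauth2/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URL = "https://app.example/oauth/callback"


def build_authorization_url(session, scope=("id", "email")):
    """Return the URL to redirect the browser to; remembers the state in `session`."""
    state = secrets.token_urlsafe(32)      # unpredictable, one per OAuth request
    session["oauth_state"] = state         # kept server-side, tied to this browser
    params = {
        "client_id": CLIENT_ID,            # "hey, it's me"
        "redirect_uri": REDIRECT_URL,      # "come back here when you're done"
        "state": state,                    # links the response to this request
        "scope": " ".join(scope),          # space-separated; names are assumptions
        "response_type": "code",           # the post's "grant type": a code grant
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def read_callback(session, callback_url):
    """Return the code from the callback URL, or raise if the state does not match."""
    query = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)   # single use: gone after first read
    returned = query.get("state", [""])[0]
    # Compare as bytes so a non-ASCII value cannot raise inside compare_digest.
    if expected is None or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError("state mismatch: response does not belong to this request")
    if "code" not in query:
        raise ValueError("no authorization code in callback")
    return query["code"][0]
```

Rejecting a callback whose state is missing, wrong or already used is what keeps a response that this browser never asked for from being accepted.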

Still following along? If not, that's alright! OAuth can be pretty overwhelming, but when you break it down into chunks, it becomes really straightforward. You use OAuth nearly every day and probably don't even notice!

Asking
The first step is for the requesting website to ask for the session. This is done via the URL parameters, with the components from above included in the query. It'll look something like this: