Monthly Archives: October 2014

List of HTTP response status codes

An application we developed sometimes shows an unexpected error message, or during debugging we need to identify the status of a request. The first thing to look at is the status code the server returned for that page. Based on the response status code we can narrow down the type of error, or simply tell whether the request succeeded or failed.

Response status codes are grouped into five classes by their first digit
1) Informational (1XX)
2) Success (2XX)
3) Redirection (3XX)
4) Client Error (4XX)
5) Server Error (5XX)


Each class contains a number of individual status codes; for the full list you can refer to the HTTP specification (RFC 7231) or the Wikipedia article "List of HTTP response status codes".
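As an added example (not code from the original post), the following Python parses a raw HTTP/1.x response, extracts the status code, classifies it by its first digit and reports what a client should do next: follow the Location header of a redirect, retry after a delay, or give up on a client error. The sample responses are constructed for the demo, not captured from a real server, and anything that is not a well-formed status line (an HTML error page from a proxy, a truncated reply) is reported as an error rather than silently treated as a success.

```python
import re

# Added example, not code from the original post: parse the status line and
# headers of a raw HTTP/1.x response, classify the status code by its first
# digit, and pull out what a debugging script needs to act on it.

STATUS_CLASSES = {
    1: "Informational",
    2: "Success",
    3: "Redirection",
    4: "Client Error",
    5: "Server Error",
}

# Codes a client may reasonably retry (after a delay); other 4XX codes mean
# the request itself is wrong and retrying will not help.
RETRYABLE = {408, 429, 500, 502, 503, 504}

STATUS_LINE = re.compile(r"^HTTP/(\d)\.(\d) (\d{3})(?: (.*))?$")


def parse_status_line(line):
    """Return (status_code, reason_phrase) or raise ValueError.

    Anything that is not a well-formed status line is reported rather than
    silently treated as 200.
    """
    m = STATUS_LINE.match(line)
    if not m:
        raise ValueError("not an HTTP status line: %r" % line)
    code = int(m.group(3))
    if code not in range(100, 600):
        raise ValueError("status code out of range: %d" % code)
    return code, m.group(4) or ""


def parse_headers(lines):
    """Lower-case header names so Location/location/LOCATION all match."""
    headers = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower()] = value.strip()
    return headers


def describe_response(raw_response):
    """Summarise a raw response: code, class, reason and the next action."""
    head = raw_response.replace(b"\r\n", b"\n").split(b"\n\n", 1)[0]
    lines = head.decode("latin-1").split("\n")
    code, reason = parse_status_line(lines[0])
    headers = parse_headers(lines[1:])
    return {
        "code": code,
        "reason": reason,
        "class": STATUS_CLASSES[code // 100],
        "retryable": code in RETRYABLE,
        "location": headers.get("location") if code // 100 == 3 else None,
        "retry_after": headers.get("retry-after"),
    }


# Constructed sample responses (not captured from a real server).
SAMPLE_REDIRECT = (
    b"HTTP/1.1 301 Moved Permanently\r\n"
    b"Location: https://example.com/\r\n"
    b"Content-Length: 0\r\n\r\n"
)
SAMPLE_UNAVAILABLE = (
    b"HTTP/1.1 503 Service Unavailable\r\n"
    b"Retry-After: 120\r\n\r\n"
)
SAMPLE_NOT_FOUND = b"HTTP/1.0 404 Not Found\r\n\r\n<html>missing</html>"

if __name__ == "__main__":
    for sample in (SAMPLE_REDIRECT, SAMPLE_UNAVAILABLE, SAMPLE_NOT_FOUND):
        print(describe_response(sample))
```

Keying the decision on the class (first digit) rather than on individual codes is what makes this robust to the many rarely seen codes in each class; the exact code is still kept so a log line can show, for example, 401 versus 403.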

Highlights of OAuth 2.0

OAuth 2.0 is an open authorization protocol. Through it, your application can access the resources of the currently logged-in user on a resource server, with that user's permission, without the user having to give their username and password directly to your app.

OAUTH has 4 different roles

1) Resource Owner (User)
The end user, who accesses the ‘Client Application’ and grants it permission to access their protected information on the Resource Server.
2) Resource Server
Serves the user’s protected information, based on the access token presented with each request.
3) Client Application
Requests the user’s resources from the Resource Server on behalf of the Resource Owner, presenting the authorization it was granted.
4) Authorization Server
Issues the access token to the ‘Client Application’ after successful authentication of the Resource Owner and authorization of the client by that Resource Owner.

OAUTH WorkFlow

To access the ‘Resource Owner’ information on the Resource Server, the Client Application needs an ‘access_token’. The proof of the Resource Owner’s authorization that the client presents in order to obtain that token is called an ‘Authorization Grant’.

Before a client application can request access to resources on a resource server, the client application must first register with the authorization server associated with that resource server.
Registration produces a client ID and a client secret; both are unique to the client application on that authorization server.
Whenever the client application requests access to resources stored on that same resource server, it authenticates itself to the authorization server by sending along the client ID and the client secret. Note that a client running entirely in a browser or on a mobile device cannot keep a secret confidential, so the client secret only protects anything for server-side (confidential) clients.

There are 4 types of authorization grants
1) Authorization Code
Instead of getting authorization directly from the resource owner, the client directs the resource owner to an authorization server, which in turn directs the resource owner back to the client with an authorization code. The client then exchanges that code for an access_token.

Note:- the authorization code is obtained by using the authorization server as an intermediary between the client and the resource owner, so the access_token itself never passes through the user’s browser.

2) Implicit
An optimized variant of the authorization code flow for clients implemented in a browser using a scripting language such as JavaScript. Instead of issuing an intermediate authorization code, the authorization server returns the access_token directly in the redirect (in the URL fragment). It improves responsiveness and efficiency by reducing the number of round trips needed to obtain the access_token, at the cost of exposing the token to the browser, its history and any script on the page; for that reason current OAuth 2.0 security guidance recommends the authorization code grant instead.

3) Resource Owner Password Credentials
The user’s username and password are handed to the client, which uses them directly as an authorization grant to obtain an access_token. It should only be used when there is a high degree of trust between the resource owner and the client (for example the service’s own first-party app), since it gives up the main benefit of OAuth, keeping the password away from the client.

4) Client Credentials
The client’s own credentials (client ID and client secret) are used as the authorization grant, when the authorization scope is limited to the protected resources under the control of the client itself; no resource owner is involved.

OAUTH Endpoints:-
The authorization process uses two endpoints on the authorization server and one on the client application

1) Authorization endpoint
On the authorization server. This is where the resource owner authenticates and grants authorization to the client application.
2) Token endpoint
On the authorization server. The client application obtains an access token here by presenting the authorization code together with its client ID and client secret. This is a direct (back-channel) request from the client to the authorization server, not a request through the user’s browser.
3) Redirection endpoint
On the client application. Once authorization is granted at the authorization endpoint, the resource owner’s browser is redirected to this pre-registered page of the client application, carrying the authorization code.
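The roles, the registration step, the authorization code grant and the three endpoints above fit together as follows. This is an added example, not code from the original post or from any real provider: an in-process Python model of the authorization code flow in which the client ID and secret, the redirect URI https://client.example/callback, the 'profile' scope and the user 'alice' are all made-up values. It shows the checks each endpoint has to make: the authorization endpoint only redirects to a registered URI, the redirection endpoint verifies the state parameter it minted, and the token endpoint authenticates the client, accepts each code only once, and refuses a code redeemed by a different client or with a different redirect_uri.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Added example, not code from the original post or any real provider: an
# in-process model of the OAuth 2.0 authorization code grant with all three
# parties, showing what each endpoint must check. The client ID/secret, the
# redirect URI, the "profile" scope and the user "alice" are made-up values.

class AuthorizationServer:
    def __init__(self):
        self.clients = {}   # client_id -> {"secret", "redirect_uris"} from registration
        self.codes = {}     # authorization code -> what it was issued for
        self.tokens = {}    # access_token -> {"user", "client_id", "scope"}

    def register_client(self, redirect_uris):
        """Registration: the client gets an ID and secret and pins its redirect URIs."""
        client_id, client_secret = secrets.token_urlsafe(8), secrets.token_urlsafe(32)
        self.clients[client_id] = {"secret": client_secret, "redirect_uris": list(redirect_uris)}
        return client_id, client_secret

    def authorize(self, client_id, redirect_uri, state, scope, user):
        """Authorization endpoint: `user` is the logged-in resource owner who has
        consented. Returns the URL the browser is redirected back to."""
        client = self.clients.get(client_id)
        if client is None or redirect_uri not in client["redirect_uris"]:
            raise ValueError("unregistered client or redirect_uri")  # would leak the code
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri, "user": user,
                            "scope": scope, "expires": time.time() + 60}  # short-lived
        return redirect_uri + "?" + urlencode({"code": code, "state": state})

    def token(self, client_id, client_secret, code, redirect_uri):
        """Token endpoint: back-channel call authenticated with the client secret."""
        client = self.clients.get(client_id)
        if client is None or not hmac.compare_digest(client["secret"], client_secret):
            raise PermissionError("invalid_client")
        grant = self.codes.pop(code, None)   # pop: an authorization code is single-use
        # The code must be unexpired and redeemed by the client it was issued to, with
        # the same redirect_uri, or a stolen code could be cashed in by someone else.
        if (grant is None or grant["expires"] < time.time()
                or grant["client_id"] != client_id or grant["redirect_uri"] != redirect_uri):
            raise PermissionError("invalid_grant")
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = {"user": grant["user"], "client_id": client_id,
                                     "scope": grant["scope"]}
        return {"access_token": access_token, "token_type": "Bearer", "expires_in": 3600}

class ResourceServer:
    """Serves protected data only to a valid access token with the right scope."""
    def __init__(self, auth_server):
        self.auth_server = auth_server   # shares token state with the AS for the demo
        self.profiles = {"alice": {"name": "Alice", "email": "alice@example.com"}}

    def get_profile(self, access_token):
        info = self.auth_server.tokens.get(access_token)
        if info is None or "profile" not in info["scope"].split():
            raise PermissionError("invalid_token")
        return self.profiles[info["user"]]

class ClientApp:
    REDIRECT_URI = "https://client.example/callback"   # the redirection endpoint

    def __init__(self, auth_server, client_id, client_secret):
        self.auth_server, self.client_id, self.client_secret = auth_server, client_id, client_secret
        self.pending_states = set()   # would live in the user's session in a real app

    def begin_login(self):
        """Mint a fresh `state` so the callback can tell our redirects from forged ones."""
        state = secrets.token_urlsafe(16)
        self.pending_states.add(state)
        return state

    def callback(self, redirect_url):
        """Redirection endpoint: verify state, then exchange the code for a token."""
        query = parse_qs(urlparse(redirect_url).query)
        state = query.get("state", [None])[0]
        if state not in self.pending_states:
            raise PermissionError("state mismatch: possible CSRF or code injection")
        self.pending_states.discard(state)
        code = query.get("code", [None])[0]
        response = self.auth_server.token(self.client_id, self.client_secret, code, self.REDIRECT_URI)
        return response["access_token"]

def demo():
    """Run the flow once, then show that the same code cannot be replayed."""
    auth = AuthorizationServer()
    client_id, client_secret = auth.register_client([ClientApp.REDIRECT_URI])
    client, resources = ClientApp(auth, client_id, client_secret), ResourceServer(auth)
    state = client.begin_login()                                  # client sends user to the AS
    redirect_url = auth.authorize(client_id, ClientApp.REDIRECT_URI, state, "profile", "alice")
    token = client.callback(redirect_url)                         # code -> access token
    profile = resources.get_profile(token)                        # access token -> resource
    client.pending_states.add(state)                              # attacker replays the same URL
    try:
        client.callback(redirect_url)
        replay_accepted = True
    except PermissionError:
        replay_accepted = False
    return {"profile": profile, "code_replay_accepted": replay_accepted}
```

Calling demo() returns Alice's profile and code_replay_accepted set to False. In a real deployment the three parties are separate services and the token endpoint is reached over TLS from the client's server, never from the browser; the checks shown here (registered redirect_uri, state, single-use code bound to client and redirect_uri, constant-time secret comparison) are what keep a leaked authorization code from being turned into an access token by anyone other than the registered client.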

Overview of OAUTH

In modern web development, the way users log in to a web application to access its resources has taken different forms over the last few years. Since around 2009 we can see many sites facilitating their users by offering third-party authentication/authorization. The main benefit of this third-party authentication/authorization is that users need not create an account with each client application; they can make use of their existing user account at a different resource server (Facebook, Twitter, LinkedIn, …).

Most of the third-party authentication/authorization providers are social networking or commercial web applications; one main advantage is that users can easily share their information with others over the network. There are now a large number of such providers, and from the developer’s standpoint, if we had to integrate with each provider separately it would be a lot of work; this is where OAUTH comes into the picture.

OAUTH is a common standard implemented by each third-party provider, which we can integrate with from our own application. OAUTH provides a secure way for the client application to access the resource information it needs. Through OAUTH the user can authorize the client application to access their information without sharing their credentials with it. As per the OAUTH specification, the communication between the client application and the resource server is authorized by an access_token.

List of popular 3rd party providers using OAUTH

1) Facebook
2) Google
3) twitter
4) LinkedIn
5) Microsoft
6) Yammer
7) Instagram
8) PayPal
