1
00:00:00,180 --> 00:00:07,210
So let's try to understand what OAuth2 actually is in this lecture. So OAuth stands for open authorization

2
00:00:07,350 --> 00:00:09,930
and 2 indicates its version.

3
00:00:10,440 --> 00:00:18,170
So before OAuth2 there is OAuth1, or OAuth simply, which has its own drawbacks. Due to that reason,

4
00:00:18,450 --> 00:00:23,420
a new version, an upgraded version of OAuth, came with the title OAuth2.

5
00:00:23,610 --> 00:00:31,350
So it's free and open to everyone, which is built on IETF standards and licensed from the Open Web Foundation.

6
00:00:31,510 --> 00:00:33,390
That means it's an open source framework.

7
00:00:33,390 --> 00:00:36,300
Anyone can understand it and adopt it.

8
00:00:36,300 --> 00:00:42,810
And there are many organizations in the industry which follow the OAuth2 framework, like Twitter, GitHub,

9
00:00:42,810 --> 00:00:44,490
Facebook, Google.

10
00:00:44,640 --> 00:00:50,760
So everyone uses the OAuth2 framework. So what is the reason why the OAuth2 framework is so famous and everyone

11
00:00:50,760 --> 00:00:51,500
is adopting it?

12
00:00:51,780 --> 00:00:55,680
The reason is the OAuth2 framework is a delegation protocol.

13
00:00:55,680 --> 00:01:02,520
That means it will delegate the authentication and authorization of the user to something else so that

14
00:01:02,520 --> 00:01:08,320
we don't have to take both authentication and authorization into the business logic that we maintain.

15
00:01:08,460 --> 00:01:13,050
So to understand in simple terms, let's try to take two examples that we discussed.

16
00:01:13,200 --> 00:01:21,180
One is an Easy Bank application where we have three different applications for loans, cards and accounts.
17
00:01:21,210 --> 00:01:27,420
So instead of maintaining the authentication and authorization logic in all these three applications,

18
00:01:27,420 --> 00:01:35,550
I can have a single authorization server which handles validating the user credentials and issuing the

19
00:01:35,550 --> 00:01:36,370
tokens.

20
00:01:36,390 --> 00:01:41,850
So what will happen is, in all these three applications, whenever some user is trying to get his loan details

21
00:01:41,850 --> 00:01:42,850
or card details,

22
00:01:43,050 --> 00:01:45,770
it will ask, do we have a token from the auth server?

23
00:01:45,790 --> 00:01:51,410
If not, it will redirect to the auth server to log in there and get the token.

24
00:01:51,630 --> 00:01:54,450
Then only I can provide you the particular resource.

25
00:01:54,630 --> 00:02:00,420
But consider the scenario where we have third party applications involved, like Twitter and a tweet analyzer

26
00:02:00,420 --> 00:02:05,970
app, which can be allowed to analyze my tweets that I made inside Twitter.

27
00:02:06,180 --> 00:02:10,990
So in this scenario, I don't have to really expose my credentials to the tweet analyzer.

28
00:02:11,009 --> 00:02:17,550
So whenever I want to log in into the tweet analyzer app, it will delegate that login functionality

29
00:02:17,880 --> 00:02:22,160
to Twitter by saying, OK, this user is a Twitter user.

30
00:02:22,350 --> 00:02:26,070
I don't want to take his credentials to perform authentication or authorization.

31
00:02:26,220 --> 00:02:32,820
I will redirect to the Twitter authorization server where he can enter his real credentials and I'll get a

32
00:02:32,820 --> 00:02:39,420
token from Twitter, which I can use for all further communications to get the resources about the

33
00:02:39,840 --> 00:02:40,350
user.

34
00:02:40,530 --> 00:02:42,600
So this is the other scenario.
35
00:02:42,780 --> 00:02:49,380
So basically you can think OAuth2 will allow you to decouple your authentication and authorization flow

36
00:02:49,380 --> 00:02:56,280
to another server called the authorization server, and at the same time, it will encourage you to maintain all

37
00:02:56,280 --> 00:03:03,300
your protected resources separately, like my accounts, my loans, my cards, inside a separate server

38
00:03:03,300 --> 00:03:03,990
called the resource server.

39
00:03:03,990 --> 00:03:11,380
So which means we are clearly drawing a boundary between authentication and actual protected resources.

40
00:03:11,610 --> 00:03:17,520
The auth server can take care of authentication and authorization, whereas the resource server will hold the

41
00:03:17,520 --> 00:03:18,240
resources.

42
00:03:18,390 --> 00:03:23,020
And if someone has to get the resources, it will ask for the tokens from the auth server.

43
00:03:23,400 --> 00:03:27,990
If the token is valid, then only it will give the resources that users are requesting.

44
00:03:28,170 --> 00:03:30,990
And the other use of OAuth2 is

45
00:03:31,230 --> 00:03:36,840
if we are interacting with third party applications. Like in many websites you might have seen,

46
00:03:37,080 --> 00:03:42,900
if you want to sign up for the very first time, you don't have to enter your last name, first name, email,

47
00:03:42,900 --> 00:03:50,400
mobile, because there are faster ways to achieve that by using Google, GitHub, Twitter, Facebook,

48
00:03:50,400 --> 00:03:55,980
because already these organizations have basic information about me, like what is my last name,

49
00:03:56,340 --> 00:03:58,420
what is my first name, what is my email.

50
00:03:58,620 --> 00:04:04,650
So instead of entering all those credentials again in the new application that I want to sign up to, what

51
00:04:04,650 --> 00:04:07,470
I can do is I can tell the new application,
52
00:04:07,620 --> 00:04:13,950
I have my protected resources inside Facebook, like my last name, first name, email; go and get them from

53
00:04:13,950 --> 00:04:14,630
Facebook.

54
00:04:14,640 --> 00:04:21,839
So as soon as a user clicks on the Facebook login inside that application, that application will redirect

55
00:04:21,839 --> 00:04:25,440
to the Facebook login page where I can enter my credentials.

56
00:04:25,650 --> 00:04:33,540
Once my authentication is successful, Facebook will share a token with this new application to get basic

57
00:04:33,540 --> 00:04:38,390
details about me so that the registration form will be fast and efficient.

58
00:04:38,730 --> 00:04:43,230
So these are the most common use cases of adopting the OAuth2 framework.

59
00:04:43,410 --> 00:04:48,860
In many ways you can think the OAuth2 token, the token that is issued by the authorization server inside

60
00:04:49,320 --> 00:04:52,710
the OAuth2 framework, is like a temporary access card.

61
00:04:53,040 --> 00:04:59,580
So instead of providing the credentials again and again, this temporary access token will help me.

62
00:05:00,070 --> 00:05:07,100
It will help the third party APIs to access my protected resources, and whenever that expires, or

63
00:05:07,150 --> 00:05:10,350
someone invalidates my access token inside that,

64
00:05:10,360 --> 00:05:13,730
then definitely I have to re-login again.

65
00:05:14,170 --> 00:05:20,140
So instead of sharing your actual credentials like my password, I will get a temporary access card, which

66
00:05:20,140 --> 00:05:23,380
we call access tokens inside the OAuth2 framework.

67
00:05:23,410 --> 00:05:29,350
So now we have a basic understanding of OAuth2. In the next lecture we will try to understand

68
00:05:29,350 --> 00:05:36,100
what are the different components involved inside the OAuth2 framework to clear our understanding even more

69
00:05:36,100 --> 00:05:36,620
further.
70
00:05:36,850 --> 00:05:43,480
So don't worry if you're not clear about what I'm saying now about OAuth2, because in the coming lectures you

71
00:05:43,480 --> 00:05:45,950
will get a clearer understanding about it.

72
00:05:46,120 --> 00:05:46,630
Thank you.

73
00:05:46,630 --> 00:05:48,340
And see you in the next lecture. Bye.