1 00:00:00,180 --> 00:00:05,490 In this lecture, let's try to understand what are the different components involved inside the OAuth2
2 00:00:05,490 --> 00:00:09,510 framework, like whenever someone wants to adopt the OAuth2 framework.
3 00:00:09,540 --> 00:00:15,840 So these are all the components which will be involved inside the authentication and authorization flow.
4 00:00:16,050 --> 00:00:21,120 The very first one that we were discussing previously is the authorization server.
5 00:00:21,130 --> 00:00:30,060 So the authorization server is the one which is responsible to validate user authentication and authorization,
6 00:00:30,300 --> 00:00:33,880 and post validating that, it has to issue a token.
7 00:00:34,200 --> 00:00:42,000 And the next one is the resource server, where all the protected resources of any user, like my credit card details,
8 00:00:42,000 --> 00:00:48,750 my account details, will be stored inside a database which can be accessed by the resource server only.
9 00:00:48,900 --> 00:00:56,300 And this resource server will give the protected resource to someone only if they provide a valid token.
10 00:00:56,520 --> 00:00:59,070 It will never ask you for the username and credentials.
11 00:00:59,340 --> 00:01:02,370 It will always ask you for the token, and the same token
12 00:01:02,370 --> 00:01:05,319 the resource server will get validated with the authorization server.
13 00:01:05,340 --> 00:01:12,270 So in case there is no token available, it's the responsibility of the developers or architects to detect
14 00:01:12,270 --> 00:01:17,390 that and redirect to the auth server to perform the login operation.
15 00:01:17,400 --> 00:01:20,400 And the third component is the resource
16 00:01:20,400 --> 00:01:22,380 owner, or the user, as we call it.
17 00:01:22,380 --> 00:01:28,980 That's like, if I am using a tweet analyzer app or the Easy Bank application, I am the resource owner.
18 00:01:29,160 --> 00:01:36,330 I want the resources which are staying inside the database, like my account, my credit card details,
19 00:01:36,510 --> 00:01:39,920 or the tweets that I have made inside that Twitter application.
20 00:01:40,110 --> 00:01:41,730 So those are the particular resources.
21 00:01:42,000 --> 00:01:46,170 Since I want them, I will become the resource owner, or the user.
22 00:01:46,290 --> 00:01:48,690 And the last component is the client.
23 00:01:48,690 --> 00:01:56,460 So the client is an application which wants to access the resources owned by a user on their behalf.
24 00:01:56,610 --> 00:01:58,620 Like in the tweet analyzer app,
25 00:01:58,890 --> 00:02:00,900 the tweet analyzer is the client.
26 00:02:01,050 --> 00:02:06,840 I am the resource owner, and the authorization server and resource server is the Twitter application.
27 00:02:06,960 --> 00:02:15,180 So if you look at the sample OAuth2 flow in the tweet analyzer app, you can see the very first component
28 00:02:15,180 --> 00:02:21,000 is the resource owner, or the user, which is me, who is trying to use that tweet analyzer app.
29 00:02:21,270 --> 00:02:28,110 When I go to the tweet analyzer app, like, I want you to analyze my tweets, the tweet analyzer app, which is
30 00:02:28,110 --> 00:02:35,550 a client in this scenario, will ask me, okay, I will refer you to the Twitter authorization server.
31 00:02:35,550 --> 00:02:40,500 So you have to enter your credentials there to prove your identity.
32 00:02:40,770 --> 00:02:47,970 And once your identity is approved, the Twitter authorization server will issue a token to me.
33 00:02:48,300 --> 00:02:52,830 But in this scenario, the client will never ask for the Twitter credentials directly.
34 00:02:53,010 --> 00:02:55,820 It will take you to the authorization server of Twitter.
35 00:02:56,130 --> 00:03:03,870 So once the client receives the token, the same token the tweet analyzer, which is the client here, will
36 00:03:03,870 --> 00:03:09,290 send to the resource server of Twitter to get the resources like my tweets,
37 00:03:09,450 --> 00:03:14,820 retweets, how many likes I received, comments, all those resources from the resource
38 00:03:14,840 --> 00:03:15,160 server.
39 00:03:15,390 --> 00:03:22,740 So in this flow, the resource server will validate whether the token issued by the auth server is valid or not
40 00:03:23,070 --> 00:03:29,550 by connecting with the auth server, and we can see what are the different ways to establish a connection
41 00:03:29,550 --> 00:03:32,580 between the auth server and resource server in the coming lectures.
42 00:03:32,760 --> 00:03:39,210 But for now, let's assume that every time you send a token to the resource server, it will connect to the auth server
43 00:03:39,210 --> 00:03:40,020 to validate it.
44 00:03:40,380 --> 00:03:48,840 So in this way, all the components that are involved in the OAuth2 flow will make our authentication and authorization
45 00:03:48,840 --> 00:03:49,560 flow smooth.
46 00:03:49,560 --> 00:03:55,010 And by following the industry standards, as you can see, next time, if I go to the tweet analyzer
47 00:03:55,020 --> 00:04:01,950 app again, or make any actions in that tweet analyzer application, it doesn't ask me for credentials
48 00:04:01,950 --> 00:04:06,510 again and again, because I already gave my credentials to the Twitter authorization server.
49 00:04:06,520 --> 00:04:08,660 So I received a token.
50 00:04:08,880 --> 00:04:12,150 The same token will be leveraged by the tweet analyzer app.
51 00:04:12,150 --> 00:04:18,930 And you can also see Twitter also decoupled their authentication flow and business logic into two different
52 00:04:18,930 --> 00:04:21,149 servers, which is the authorization server
53 00:04:21,149 --> 00:04:22,070 and the resource server.
54 00:04:22,260 --> 00:04:29,520 So let's try to go to any website that we use on a day-to-day basis and try to understand how this OAuth2
55 00:04:29,520 --> 00:04:34,260 flow works by trying to log in and sign up for the website.
56 00:04:34,530 --> 00:04:42,960 For the same, I came to our most common favorite website for developers, which is Stack Overflow.
57 00:04:43,290 --> 00:04:51,480 You can see here I just came to this website the very first time and I never had a login into this application.
58 00:04:51,480 --> 00:04:58,500 Obviously, if you log in to this application or sign up into this application, you have advantages
59 00:04:58,500 --> 00:04:59,900 like posting your
60 00:05:00,180 --> 00:05:07,020 answers, or liking someone's answers, or posting questions, so all those extra features someone can
61 00:05:07,020 --> 00:05:10,990 leverage in Stack Overflow only if they are logging into this application.
62 00:05:11,130 --> 00:05:15,450 So obviously when I click sign up, you can see here there are two ways.
63 00:05:15,480 --> 00:05:24,120 One is the traditional way, where I can enter my email, password, name and register myself. Post that, Stack
64 00:05:24,120 --> 00:05:28,520 Overflow will ask me to validate my email by sending a verification link.
65 00:05:28,710 --> 00:05:32,460 But this is a time-consuming and annoying process.
66 00:05:32,490 --> 00:05:40,830 Instead, Stack Overflow also has options of getting my basic details, like my name, email, and obviously
67 00:05:40,830 --> 00:05:47,760 I don't have to store any password details with this OAuth2 flow, because I always interact with the Google
68 00:05:47,760 --> 00:05:48,140 auth server
69 00:05:48,150 --> 00:05:49,110 or Facebook.
70 00:05:49,140 --> 00:05:52,560 So in this scenario I try to sign up using Google.
71 00:05:52,800 --> 00:05:58,710 So as soon as I click sign up with Google, you can see the page has been redirected.
72 00:05:58,890 --> 00:06:06,660 Stack Overflow is never asking me to enter my credentials in their website, because they're delegating
73 00:06:06,660 --> 00:06:12,990 that authentication and authorization to the actual vendor itself, in this scenario, which is Google.
74 00:06:13,320 --> 00:06:19,950 And you can also see it is following OAuth2 and there is a query parameter of client ID. So in
75 00:06:19,950 --> 00:06:22,890 this scenario, the client is Stack Overflow, the resource
76 00:06:22,890 --> 00:06:28,230 owner or user is me, and the auth server and the resource server is Google.
77 00:06:28,560 --> 00:06:34,980 So whenever someone wants to use the Google servers and also wants to get the basic details, first,
78 00:06:34,980 --> 00:06:36,600 they have to register themselves.
79 00:06:36,870 --> 00:06:41,430 First, Stack Overflow has to reach out to the Google developer community
80 00:06:41,430 --> 00:06:48,480 or Google developer website and register themselves, where they'll get a client ID and client secret,
81 00:06:48,660 --> 00:06:52,990 which they can use in this OAuth2 flow. Due to this client ID,
82 00:06:53,270 --> 00:06:59,210 you can see Google detected that it's getting a request from stackoverflow.com.
83 00:06:59,520 --> 00:07:07,290 So now I enter my Gmail here, and Google is asking me to prove my identity by logging into
84 00:07:07,290 --> 00:07:11,040 my mobile and approving the authentication request.
85 00:07:11,160 --> 00:07:12,090 I did it.
86 00:07:12,090 --> 00:07:18,180 And you can see now the redirection will happen from Google to Stack Overflow.
87 00:07:18,420 --> 00:07:26,510 Now Stack Overflow has all the basic details about me, like what is my name, what is my email.
88 00:07:26,550 --> 00:07:33,960 All those basic details it got from the Google auth server. This way, all the four components involved in
89 00:07:33,960 --> 00:07:41,640 the OAuth2 flow will interact with each other to make a smooth and successful authentication and authorization
90 00:07:41,670 --> 00:07:42,030 flow.
91 00:07:42,300 --> 00:07:46,710 And based upon the scenario, we have different flavors of OAuth2 flow.
92 00:07:46,710 --> 00:07:49,680 The flavor that right now we saw is one of the flavors.
93 00:07:49,920 --> 00:07:58,770 But we have five different flavors which OAuth2 will follow to issue a token and validate the tokens during
94 00:07:58,770 --> 00:08:01,110 the authentication and authorization flow.
95 00:08:01,320 --> 00:08:08,220 Depending on the scenario that you are in, you can leverage any of these flows, and all these flows
96 00:08:08,220 --> 00:08:11,310 have their own advantages and disadvantages.
97 00:08:11,520 --> 00:08:17,970 And obviously you have to weigh them off to choose the most optimum one for your application.
98 00:08:17,970 --> 00:08:24,510 So with this, I hope now you have some clear understanding of what is the OAuth2 flow and what are the different components
99 00:08:24,510 --> 00:08:25,470 involved in it.
100 00:08:25,470 --> 00:08:32,510 In the next lecture we will look into the most common grant type, which is authorization code.
101 00:08:32,669 --> 00:08:33,210 Thank you.
102 00:08:33,210 --> 00:08:35,010 And see you in the next video. Bye.
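The four components the lecture describes, as an added toy in Python (constructed for this page, not code from the lecture or from Twitter or Google): a registered client obtains a token from the authorization server, and the resource server hands out the user's tweets only after the authorization server vouches for the token, answering 401 for a missing or invalid token (so the client knows to send the user to the authorization server) and 403 when the token lacks the needed scope. Client ids, secrets, scopes, user names and tweets are invented.

```python
import secrets
import time


class AuthorizationServer:
    """Authenticates the resource owner and issues opaque bearer tokens."""

    def __init__(self):
        # Registered clients (client_id -> client_secret), the way a client
        # registers on Google's developer site. Values are constructed.
        self.clients = {"tweet-analyzer": "s3cret"}
        self.tokens = {}  # token -> {"sub", "scope", "exp"}

    def issue_token(self, client_id, client_secret, user, scope, ttl=3600):
        # Only a registered client gets a token, and only for a user who
        # authenticated here (the client never sees the user's password).
        if self.clients.get(client_id) != client_secret:
            raise PermissionError("unknown client")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"sub": user, "scope": scope, "exp": time.time() + ttl}
        return token

    def introspect(self, token):
        """RFC 7662-style reply: an active flag plus claims, never credentials."""
        info = self.tokens.get(token)
        if info is None or info["exp"] < time.time():
            return {"active": False}
        return {"active": True, **info}


class ResourceServer:
    """Stores protected resources; trusts only tokens the auth server confirms."""

    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.tweets = {"alice": ["hello", "world"]}  # constructed data

    def get_tweets(self, headers):
        """Returns (status, response headers, body) for a request's headers."""
        auth = headers.get("Authorization", "")
        if not auth.startswith("Bearer "):
            # No token at all: the client must redirect the user to log in.
            return 401, {"WWW-Authenticate": 'Bearer realm="tweets"'}, None
        info = self.auth_server.introspect(auth[len("Bearer "):])
        if not info["active"]:
            return 401, {"WWW-Authenticate": 'Bearer error="invalid_token"'}, None
        if "tweets.read" not in info["scope"].split():
            return 403, {"WWW-Authenticate": 'Bearer error="insufficient_scope"'}, None
        return 200, {}, self.tweets.get(info["sub"], [])
```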