OAuth Flows

Definitions

OAuth 2.0

OAuth 2.0 is the industry-standard protocol for authorization. It controls what a third-party application is authorized to access, removing the need for users to share their passwords with it.

OpenID Connect

OpenID Connect is an authentication standard built on top of OAuth 2.0. It allows users to authenticate via a third-party application with an existing account.

OAuth client

The OAuth client is your application, which attempts to gain access to the user's corresponding account at the OAuth service (e.g. Google or Facebook). To do so, it must obtain the user's permission, which the user grants after signing in to the OAuth service (typically with a password).

Client ID (app ID)

After creating your project or app, you will receive a client ID (or app ID). The client ID is considered public information and is used for building login URLs.

Client secret (app secret)

After creating your project or app, you will receive a client secret (or app secret). The client secret is used in the communication between the third-party application and the authorization server. The secret must be kept confidential.

Redirect URI

When creating your application, you must register a Redirect URI to which the user will be returned after completing the authorization. Users will only ever be redirected to a registered URI, which helps prevent redirection-based attacks.
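The two definitions above (the client ID used to build login URLs, and the registered Redirect URI that the authorization server enforces) can be shown side by side in code. The following is an added example, not code from the original page or from any particular OAuth provider; the endpoint URL, the client record in REGISTERED_CLIENTS and all sample URIs are constructed for illustration. The client side builds the authorization URL with a fresh state value; the server side accepts a redirect_uri only if it exactly matches one registered for that client ID.

```python
"""Added example: building an OAuth 2.0 login URL and enforcing the registered
Redirect URI by exact match. All names and URLs here are constructed."""
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed registration record: what the authorization server stores per client.
# The client ID is public; the redirect URIs are the only places a user may be sent back to.
REGISTERED_CLIENTS = {
    "my-app-client-id": {
        "redirect_uris": ["https://app.example.com/callback"],
    }
}

AUTHORIZE_ENDPOINT = "https://auth.example.com/authorize"  # hypothetical endpoint


def new_state():
    """Unguessable per-request value the client stores and later compares."""
    return secrets.token_urlsafe(32)


def build_login_url(client_id, redirect_uri, scope, state):
    """Client side: assemble the authorization-code request URL from the public client ID."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def redirect_uri_allowed(client_id, requested_uri):
    """Server side: exact string match against the URIs registered for this client.
    No prefix, substring or wildcard matching, so scheme, host, path and trailing
    slash must all be identical."""
    client = REGISTERED_CLIENTS.get(client_id)
    if client is None:
        return False
    return requested_uri in client["redirect_uris"]


def validate_authorize_request(url):
    """Server side: parse an incoming authorization request and decide whether it
    may proceed. Returns (ok, reason)."""
    query = parse_qs(urlsplit(url).query)  # blank values are dropped by parse_qs
    client_id = query.get("client_id", [None])[0]
    redirect_uri = query.get("redirect_uri", [None])[0]
    if client_id is None or redirect_uri is None:
        return False, "missing client_id or redirect_uri"
    if not redirect_uri_allowed(client_id, redirect_uri):
        return False, "redirect_uri not registered for client"
    if not query.get("state", [""])[0]:
        return False, "missing state"
    return True, "ok"


if __name__ == "__main__":
    state = new_state()
    url = build_login_url("my-app-client-id", "https://app.example.com/callback",
                          "openid profile", state)
    print(url)
    print(validate_authorize_request(url))
    # A URI that differs only by a trailing slash is not the registered one.
    print(redirect_uri_allowed("my-app-client-id", "https://app.example.com/callback/"))
```

The exact-match rule is the part worth copying: near-matches such as a different scheme, a different host, or an extra trailing slash are all rejected, which is what makes the registered Redirect URI an effective control.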

OAuth consent screen

The OAuth consent screen is a user interface that a user interacts with when granting permission to a third-party application to access their data. It specifies the type of data and the level of access the third-party application is requesting.