OAuth 2.0 vs SSO: A Practical Explanation

A practical explanation of OAuth 2.0 and SSO, the basic web application security protocols and their workflow.

Introduction

Hi, if you are a junior or mid-level backend developer you may have heard of terms such as OAuth 2.0, SSO (Single Sign-On), JWT, SAML, Bearer tokens, XML and so on. Have you ever wondered what these terms mean? It may sound like a lot of jargon, so we are going to discuss these technical terms, what they actually mean, the differences between them and finally their use cases.

Understanding the terms

Before jumping into the actual topic, let us get familiar with some technical terms. Do you know the difference between authorization and authentication? Let me explain the difference between these two words and some other jargon.

Authentication:

Authentication verifies the identity of a user. A common analogy is a movie theater: the staff verify your ticket and then let you in to watch the movie. The process verifies that we are a legitimate user or person.

Authorization:

Authorization determines the access rights of that user. Taking the same analogy: once we are inside the theater we do not have the right to play or pause the movie or turn up the volume; we lack that permission, but a theater operator has that access. It is just an example.

OAuth 2.0:

OAuth 2.0 is the industry-standard protocol (or framework) for authorization that gives applications the ability to obtain "secure designated access." OAuth doesn't share password data; instead it uses authorization tokens to prove an identity between consumers and service providers. It allows you to approve one application interacting with another on your behalf without giving away your password.

SSO (Single sign-on):

Single sign-on (SSO) is a user authentication tool that enables users to securely access multiple applications and services using just one set of credentials. SSO is built on the concept of federated identity, which is the sharing of identity attributes across trusted but autonomous systems, and it uses OAuth 2.0, SAML and OpenID Connect.

OpenID Connect:

OpenID Connect is an open standard that organizations use to authenticate users. We can think of it like a passport, which proves our identity through government records. For example, it lets a user log in to a service using their Facebook or Google account rather than entering separate credentials.

Explanation:

OAuth 2.0 is a protocol used to authorize a third-party service to access a user's data with limited permissions granted by the user.

For example:

Let's say you run your own social media site, like Facebook or Twitter. You have probably seen popular sites that allow you to sign up using a Google or Facebook account. You may have noticed that you never enter your password on that site, and that Google or Facebook never share your password or data with third-party sites. So how does the third-party site use your account details? That's where the OAuth 2.0 protocol comes into play: as we said before, OAuth 2.0 is an open-standard authorization protocol that lets the third-party site access only the specific data you have allowed it. You may have seen a consent screen like the one below.

Still, you may be wondering what exactly OAuth 2.0 is. In our example, you have built a social media site or some other service, and you want your users to be able to use their account to sign up on third-party sites. Other application owners may want to offer the same feature. If each one developed its own implementation, it would be hard to maintain and easy to breach; that is why OAuth 2.0 exists as a standard protocol. I hope you now have a clear idea. In simpler words, it is a standard for accessing a resource on another server with the user's permission. The tokens it issues for those authorizations are commonly JSON Web Tokens (JWT).

SSO:

Single sign-on (SSO) is a user authentication tool that enables users to securely access multiple applications and services using just one set of credentials. Whether your workday relies on Slack, Asana, Google Workspace, or Zoom, SSO provides you with a pop-up widget or login page with just one password that gives you access to every integrated app. Instead of twelve passwords in a day, SSO securely ensures you only need one.

For example:

Suppose you own an organization and use different software services such as Google, Microsoft and Slack. You have to give your employees access to each application. Normally we would create an account on each application, and the employees would have to remember a username and password for each one. For a small organization this may seem easy, but just think what happens when you have more than 100 employees. That's why SSO came to save us from this nightmare. Under the hood, SSO uses OAuth 2.0, OpenID Connect and SAML for authorizing or identifying the user.
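As an added illustration (not code from the original post), here is the OAuth 2.0 exchange from the social-media example and the single place where an SSO identity provider checks the password, simulated in Python with only the standard library: the authorization server verifies the user's password and consent, gives the third-party client a one-time code, swaps it for a short-lived JWT limited to the consented scope, and the resource server enforces that scope before releasing data. The HS256 shared secret, the "photo-printer" client, the URLs and the user record are all constructed for the demo; real providers sign tokens with public-key algorithms such as RS256 and publish their verification keys.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = b"constructed-demo-secret"   # shared by auth server and API; real IdPs use RS256 key pairs
RESOURCE = "https://api.example"      # audience the resource server expects in every token
USER_DB = {"alice": hashlib.sha256(b"correct horse").hexdigest()}   # constructed user record
CLIENTS = {"photo-printer": "https://printer.example/cb"}           # registered redirect URIs
_codes = {}                           # one-time authorization codes -> (user, client, scope)

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def jwt_sign(claims: dict) -> str:
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def jwt_verify(token: str) -> dict:
    head, body, sig = token.split(".")
    want = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64(want), sig):
        raise ValueError("bad signature")           # tampered or forged token
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if claims["aud"] != RESOURCE or claims["exp"] < time.time():
        raise ValueError("wrong audience or expired")
    return claims

def authorize(username, password, client_id, redirect_uri, scope):
    """Auth server: the password is checked here only, never by the third party."""
    if USER_DB.get(username) != hashlib.sha256(password.encode()).hexdigest():
        raise PermissionError("login failed")
    if CLIENTS.get(client_id) != redirect_uri:
        raise PermissionError("unregistered redirect_uri")   # code must not go to another site
    code = secrets.token_urlsafe(16)                         # user consented to `scope` for this client
    _codes[code] = (username, client_id, scope)
    return code

def exchange_code(code, client_id):
    """Auth server: one-time code -> short-lived JWT carrying only the consented scope."""
    entry = _codes.pop(code, None)                           # pop: a replayed code is refused
    if entry is None or entry[1] != client_id:
        raise PermissionError("unknown code or wrong client")
    now = int(time.time())
    return jwt_sign({"iss": "https://auth.example", "sub": entry[0], "aud": RESOURCE,
                     "scope": entry[2], "iat": now, "exp": now + 300})

def get_photos(access_token):
    """Resource server: verify the token, then enforce scope before releasing data."""
    claims = jwt_verify(access_token)
    if "photos:read" not in claims["scope"].split():
        raise PermissionError("token lacks photos:read scope")
    return [f"{claims['sub']}-vacation.jpg"]
```

The same flow is what an SSO identity provider runs for every integrated app: the employee logs in once at the provider, and each app only ever receives a signed token, never the password.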

Conclusion:

This article is meant to give only a fundamental idea about SSO and OAuth 2.0. There is a lot more to cover. Please share and like, and feel free to share your inputs in the comments for improvements.
