diff --git a/astro/src/content/articles/oauth/modern-guide-to-oauth.mdx b/astro/src/content/articles/oauth/modern-guide-to-oauth.mdx index ca1ef5fb88..63281bfadb 100644 --- a/astro/src/content/articles/oauth/modern-guide-to-oauth.mdx +++ b/astro/src/content/articles/oauth/modern-guide-to-oauth.mdx @@ -1,6 +1,6 @@ --- -title: What is OAuth (The Modern Guide) -description: Not just another OAuth tutorial. This guide walks you through all of the real use-cases of OAuth in clear and simple detail. +title: Modern Guide - What is OAuth 2.0 and How Does It Work? +description: What is OAuth 2.0 and How does it Work? image: advice/modern-guide-oauth/expert-advice-the-modern-guide-to-oauth-header-image.png author: Brian Pontarelli, Ahmed Hashesh and Dan Moore section: OAuth @@ -17,7 +17,7 @@ Well, yes and no. This guide is different from most of the others out there beca If that sounds good to you, keep reading! -## OAuth Overview +## What is OAuth 2.0? OAuth 2.0 is a set of specifications that allow developers to easily delegate the authentication and authorization of their users to someone else. While the specifications don't specifically cover authentication, in practice this is a core piece of OAuth, so we will cover it in depth (because that's how we roll). 
@@ -33,7 +33,7 @@ What does the phrase used above, "delegate the authentication and authorization It means that your application sends the user over to an OAuth server, the user logs in, and then the user is sent back to your application. But. There are a couple of different twists and goals of this process. Let's cover those next. -## OAuth Modes +## How Does OAuth 2.0 Work? None of the specifications cover how OAuth is actually integrated into applications. Whoops! But as a developer, that's what you care about. They also don't cover the different workflows or processes that leverage OAuth. They leave almost everything up to the implementer (the person who writes the OAuth Server) and integrator (the person who integrates their application with that OAuth server). diff --git a/astro/src/content/articles/oauth/saml-vs-oauth.mdx b/astro/src/content/articles/oauth/saml-vs-oauth.mdx index 990b166379..26578f29f6 100644 --- a/astro/src/content/articles/oauth/saml-vs-oauth.mdx +++ b/astro/src/content/articles/oauth/saml-vs-oauth.mdx @@ -1,5 +1,5 @@ --- -title: SAML vs. OAuth +title: SAML vs. OAuth - Understand Differences and Benefits description: SAML and OAuth are two systems that make secure user access more convenient and secure. Although they’re superficially similar, under the hood there are more differences than you might expect. image: advice/saml-vs-oauth/saml-vs-oauth.png author: James Konik 
@@ -21,7 +21,7 @@ SAML is primarily an authentication system, while OAuth is an authorization syst Let’s take a look at how the two systems let you access websites and applications. These are common systems, though [other workflows are possible](https://www.ibm.com/docs/en/tfim/6.2.2.6?topic=overview-oauth-20-workflow). -### SAML +## Security Assertion Markup Language (SAML) Definition When a user interacts with SAML, both a service provider and [identity provider](/docs/apis/identity-providers/) are involved. The service provider is typically the website the user is interacting with. @@ -36,7 +36,7 @@ When the right credentials are provided, the identity provider responds with a S If the user is already authenticated, they’re not asked for their credentials, which saves time and improves the user experience. -### OAuth +## Open Authorization (OAuth) Definition There are two versions of OAuth, and there are [differences](https://www.synopsys.com/blogs/software-security/oauth-2-0-vs-oauth-1-0/) between them. This article focuses on version 2.0, which has been around since 2012. An updated version 2.1 [has been proposed](/articles/oauth/differences-between-oauth-2-oauth-2-1) but not yet approved. @@ -62,7 +62,7 @@ This allows users to gain access through a familiar UI, and their primary creden This information is a core source of revenue for companies like Facebook. While some users may not be keen on the [potential lack of privacy](https://www.wired.com/story/security-risks-of-logging-in-with-facebook/), those users are [in the minority](https://www.webmarketingpros.com/gigya-survey-shows-social-login-use-skyrocketing-on-sites-and-apps/). However, these concerns are part of why some companies are choosing to run their own OAuth servers. -## Functions of Each Protocol +## Comparison of OAuth and SAML Let’s talk about what function each system performs. 
@@ -144,7 +144,7 @@ Single-page applications (SPAs) contain all their logic on the frontend. That ma You can sidestep this problem by using OAuth with a backend for frontend (BFF) component. The component can manage OAuth tokens for your SPA [using encrypted, same-site cookies](https://curity.io/resources/learn/spa-best-practices/). -## Conclusion +## Conclusion - When Should You Use SAML or OAuth? SAML and OAuth are different solutions to similar problems. They’re different animals, but their territories overlap at times, and you can frequently find them together.
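Review bot: In the first modern-guide-to-oauth.mdx hunk the new `description` merely restates the new `title`, and with different capitalization ("How does it Work?" versus the title's "How Does It Work?"). The meta description is what shows under the title in search results and social cards, so it should add information rather than repeat it; the old line did that by saying what sets the guide apart. Suggest keeping a distinct sentence, for example `description: Learn what OAuth 2.0 is and how it works, covering the real-world modes and use-cases most tutorials skip.`, and matching the title's capitalization.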
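Review bot: The heading renames in the second and third modern-guide-to-oauth.mdx hunks (`## OAuth Overview` to `## What is OAuth 2.0?`, `## OAuth Modes` to `## How Does OAuth 2.0 Work?`) change the auto-generated heading ids, so any in-site links or external bookmarks to fragments such as `#oauth-overview` and `#oauth-modes` will silently stop landing on the section. Before merging, grep the content tree and docs for those fragments and either keep the old ids on the headings or update the links; the same applies to `#saml`, `#oauth`, `#functions-of-each-protocol` and `#conclusion` in saml-vs-oauth.mdx.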
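Review bot: The saml-vs-oauth.mdx hunks at lines 21 and 36 promote `### SAML` and `### OAuth` to level-2 headings, but the unchanged context still shows them introduced by "Let's take a look at how the two systems let you access websites and applications", a sentence that belongs to the enclosing level-2 section. With the promotion, that intro is left as a section with no content of its own and the two definitions become siblings of the section that introduces them. Either keep them at `###` and lengthen the text only, or move the introductory sentence so the hierarchy remains consistent.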
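Review bot: In the saml-vs-oauth.mdx hunk at line 62, the new `## Comparison of OAuth and SAML` heading now sits directly above the unchanged lead sentence "Let's talk about what function each system performs.", which still frames the section as a per-protocol list of functions rather than a comparison. Adjust that lead sentence to match the new heading, or the heading to match the body, so the section does not promise a side-by-side comparison it may not deliver.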