OAuth Box
OAuth Box is a site that describes and simulates the OAuth 2.0 standard implemented with the MERN stack.
Overview
OAuth Box is a web application that describes and demonstrates the OAuth 2.0 standard/framework for authorization delegation. As the web's primary standard for delegating access to protected resources, OAuth 2.0 is widely adopted across the web. The goal of OAuth Box is to provide an educational site for learning about OAuth 2.0.
Results
OAuth Box was built using the MERN stack (MongoDB, Express, React, Node.js) to streamline full-stack development by using primarily JavaScript, HTML, and CSS. To simulate the separate "actors" of the framework (resource owner, client, authorization server, resource server), the application runs two instances of Express from the same codebase.

OAuth Box demonstrates the OAuth 2.0 authorization code flow through a "third-party" registration and login process. The client (the web app that wants limited access to the user's data in order to register and log the user in) sends an authorization request, via a browser redirect, to the "/authorize" endpoint of the third-party authorization server. The authorization server returns a login page on which the user (the resource owner) authenticates and decides whether to grant the client the limited access (scopes) it asked for. Once the user has authenticated and granted access, the authorization server redirects back to the client with an authorization grant, in this flow an authorization code. The client then exchanges the code for an access token at the "/token" endpoint of the third-party authorization server. With the access token, the client can access a protected resource (in this case, the user's first name) from the third-party resource server.

Building OAuth Box has been a great learning experience in web authentication and security. Note: I'm still actively developing OAuth Box.