Websites are like castles, with large moats around them. You need a password at the gate to get in.

And the average person has to remember 27 passwords!

Remembering passwords is a pain. About 30% of all customer queries are "How do I reset my password?"

So websites found a unique solution: outsource the authentication problem to the castles.



Instead of asking users to enter an email and password, websites now ask users to "connect" them with Google for registration.

: , ℎ @.? ℎ .

: ℎ ℎ .

: , ℎ .

: , ℎ' . ℎ ℎ .

: . ' ℎ . ℎ ℎ ?

: , ' ℎ ℎ .

: , ℎ.

The user is now authenticated, and a session token can be sent for further auth requests. This process of outsourcing user authentication (technically authorization, since the user authorized you to view their name) is called OAuth.



Thirdparty signin reduces login hesitance, ease of mobile registration, and password reset issues.

It also consolidates data power into a few companies, which know exactly which websites you visited to tailor your ads (Did you register on FirstCry? Let me show you a diaper ad).

You can learn more about OAuth, SSO, and Access Control Lists at InterviewReady.

Cheers!

00:00 What will we learn?
00:20 The Problem with Passwords
01:25 OAuth Flow
04:22 War story: OAuth Doubles Signups
06:43 Advantages of OAuth
08:55 Drawbacks of OAuth
11:31 Conclusion
12:13 Distributed Security Terms
15:30 Thank you!

System Design at InterviewReady: https://interviewready.io/

Use the special DISCOUNT coupon of "HELLOWORLD" to avail an exclusive YouTuber channel offer!

#OAuth #Security #DistributedSystems