OAuth Explained

In notebook: Building Modern Web Apps
Created at: 2016-01-23
Updated: 2016-01-23
Tags: libraries Fundamentals

The OAuth flow

Three players
  1. You, the application
  2. The User
  3. The Source of the data
GitHub is the godfather, the user is Jimmy, and the app is the attorney.
Jimmy has to go to the godfather and say that he needs the app's help with a problem.
So first Jimmy has to go to the door and give his password, that is, authenticate himself.
Then Jimmy tells the godfather that he needs the help of the app. Now Jimmy's part is done. The godfather gives Jimmy a code that he can pass on to the app. That code is the app's proof from Jimmy that it has authority to get data.
Now the app has to prove who it is, since anybody could have that code. So the app also needs its own relationship with the godfather to get any data.
To prove its identity, the app needs its client code as well as the authorisation from Jimmy.
Then the app gets a key, an access token. With this token you get full access: the token gives access to scopes.
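
The flow above as an added example (not part of the original notes): a toy in-memory godfather that hands out a one-time code, then only trades it for a scoped token when the app also proves its own identity. The class, user, client id and secrets are all constructed for illustration and are not GitHub's API.

```python
import hmac
import secrets


class AuthorizationServer:
    """Toy in-memory stand-in for the source of the data (the 'godfather')."""

    def __init__(self):
        self.users = {"jimmy": "constructed-password"}          # constructed sample user
        self.clients = {"attorney-app": "constructed-secret"}   # constructed app registration
        self.codes = {}    # one-time code -> (client_id, user, scopes)
        self.tokens = {}   # access token -> (user, scopes)

    @staticmethod
    def _same(a, b):
        # Constant-time comparison so the check does not leak how much matched.
        return hmac.compare_digest(a.encode(), b.encode())

    def authorize(self, user, password, client_id, scopes):
        """Jimmy authenticates and says which app he wants help from; he gets a code."""
        expected = self.users.get(user)
        if expected is None or not self._same(expected, password):
            raise PermissionError("user authentication failed")
        if client_id not in self.clients:
            raise PermissionError("unknown client")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, user, frozenset(scopes))
        return code

    def exchange(self, code, client_id, client_secret):
        """The app proves who it is and trades Jimmy's code for an access token."""
        expected = self.clients.get(client_id)
        if expected is None or not self._same(expected, client_secret):
            raise PermissionError("client authentication failed")
        grant = self.codes.get(code)
        if grant is None or grant[0] != client_id:
            raise PermissionError("invalid code")
        del self.codes[code]              # the code is single-use
        token = secrets.token_urlsafe(32)
        self.tokens[token] = grant[1:]    # (user, scopes)
        return token

    def allowed(self, token, scope):
        """The token only opens the scopes that were approved with the code."""
        grant = self.tokens.get(token)
        return grant is not None and scope in grant[1]
```

A code presented without the matching client secret, or presented a second time, raises `PermissionError`, which is the "anybody could have that code" case from the notes.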