How OAuth2 Secures Third‑Party Access: A Complete Guide

OAuth2 provides a secure, open standard that lets third‑party applications obtain limited user access without exposing passwords, using a token‑based flow involving resource owners, clients, resource servers, and authorization servers, illustrated through a step‑by‑step authorization process.

Java High-Performance Architecture

What Is OAuth2?

Open platforms such as WeChat Open Platform and Weibo Open Platform are increasingly popular, and all of them need a way for users to grant third parties access to their data; OAuth2 is the current mainstream solution for this kind of delegated authorization.

OAuth (Open Authorization) defines a secure, open, and simple standard for authorizing access to user resources. A third‑party application can obtain the user’s authorization without ever learning the user’s account name or password.

In OAuth, a separate authorization layer sits between the client and the service provider. The client authenticates to this layer with a token rather than with the user’s credentials, and the service provider, based on the token’s scope and validity period, grants the client access to the user’s stored data.

OAuth2 Implementation Mechanism

OAuth2’s authorization mechanism involves four core entities:

Resource Owner – the user.

Client – the third‑party platform requesting access (e.g., a website).

Resource Server – stores resources such as user information.

Authorization Server – handles authentication and token issuance.

Authorization Flow

OAuth2 authorization flow diagram

(1) The user clicks login on the third‑party app; the app redirects the user to the authorization server with a request that identifies the app (its client ID) and names the callback URL to return to.

(2) The authorization server authenticates the user and presents an authorization page describing what the app is asking for.

(3) After the user approves, the authorization server generates a short‑lived authorization code and redirects the user’s browser to the app’s callback URL with that code attached.

(4) The app sends the code, together with its own client ID and client secret, to the authorization server; the secret authenticates the app, and the code ties the request to the user’s approval.

(5) If the code is valid, unused, and was issued to this client for this callback URL, the authorization server issues an access_token and returns it to the app.

(6) The app uses the access_token to request resources from the resource server.

(7) The resource server validates the access_token (that it is genuine, not expired, and covers the requested scope) and returns the requested resources.
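The seven steps above, modelled as an added, self‑contained example (not code from the original article): a toy authorization server that issues a single‑use code bound to the client and its callback URL, exchanges it for a token only after the client authenticates with its secret, and a resource server that serves data only for a live token with the right scope. The client registration, user profile and URLs are constructed placeholders.

```python
import secrets
import time

# Constructed registration for one hypothetical client (not from the article).
CLIENTS = {"web-app": {"secret": "s3cret", "redirect_uri": "https://app.example/cb"}}

class AuthorizationServer:
    """Steps (1)-(5): single-use code bound to client and callback, then token."""
    def __init__(self, code_ttl=60, token_ttl=3600):
        self.codes, self.tokens = {}, {}
        self.code_ttl, self.token_ttl = code_ttl, token_ttl

    def authorize(self, client_id, redirect_uri, user, scope):
        # Only a registered client using its registered callback URL gets a code.
        client = CLIENTS.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            raise PermissionError("unknown client or redirect_uri mismatch")
        code = secrets.token_urlsafe(16)
        self.codes[code] = dict(client_id=client_id, redirect_uri=redirect_uri, user=user,
                                scope=set(scope), exp=time.time() + self.code_ttl)
        return code

    def token(self, client_id, client_secret, code, redirect_uri):
        # The client authenticates with its secret; the code must belong to it and be unused.
        client = CLIENTS.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            raise PermissionError("client authentication failed")
        grant = self.codes.pop(code, None)  # pop() makes the code single-use
        if (grant is None or grant["client_id"] != client_id
                or grant["redirect_uri"] != redirect_uri or grant["exp"] < time.time()):
            raise PermissionError("invalid, expired or already used code")
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = dict(user=grant["user"], scope=grant["scope"],
                                         exp=time.time() + self.token_ttl)
        return access_token

    def introspect(self, access_token):
        # Step (7): the resource server asks whether the token is live and what it covers.
        t = self.tokens.get(access_token)
        return t if t is not None and t["exp"] > time.time() else None

class ResourceServer:
    """Steps (6)-(7): serves user data only for a live token that carries the scope."""
    def __init__(self, auth, profiles):
        self.auth, self.profiles = auth, profiles

    def get_profile(self, access_token):
        t = self.auth.introspect(access_token)
        return self.profiles[t["user"]] if t and "profile" in t["scope"] else None
```

Replaying a code, presenting the wrong secret or a mismatched callback URL, or using a token whose scope does not cover the resource all fail closed in this model.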
