OAuth 2.0

OAuth 2.0 Overview:

OAuth 2.0 (Open Authorization 2.0) is an industry-standard protocol for authorization. It enables third-party applications to obtain limited access to a user's resources without exposing the user's credentials. Instead of the user handing their login information to the application, OAuth 2.0 relies on tokens (access tokens and refresh tokens) to grant access to specific resources. OAuth 2.0 enhances security by delegating access to resources to a third party without sharing sensitive credentials, reducing the risk of data exposure.

OAuth 2.0 is commonly used for enabling Single Sign-On (SSO) functionality, where users can authenticate once and access a variety of services without needing to log in repeatedly. It also allows users to authorize external applications to access their data from a service provider, such as Google, Facebook, or other cloud services.

OAuth 2.0 Flow:

The OAuth 2.0 flow involves four main roles:

  1. Resource Owner (User): The entity that owns the data or resources and is granting access to a third party.

  2. Client (Application): The third-party application requesting access to the user's resources.

  3. Authorization Server: The service that authenticates the resource owner and issues tokens to the client.

  4. Resource Server: The server that holds the user's resources (e.g., a file storage system), which the client will access after receiving the token.

The typical OAuth 2.0 flow (the authorization code grant) works as follows:

  1. The client requests authorization from the user to access resources.

  2. The user provides consent, and the client receives an authorization code.

  3. The client exchanges the authorization code for an access token.

  4. The client uses the access token to make authenticated requests to the resource server.
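The first three steps above from the client's side, as an added example that is not Locktera's code: it builds the authorization request with a `state` value and a PKCE (RFC 7636) code challenge, rejects any callback whose `state` does not match the user's session, and prepares the code-for-token exchange. The endpoint, client ID, redirect URI and scope are placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHZ_ENDPOINT = "https://authz.example/authorize"  # placeholder, not a real Locktera URL

def pkce_challenge(code_verifier: str) -> str:
    """S256 code challenge: base64url(SHA-256(verifier)) without '=' padding."""
    digest = hashlib.sha256(code_verifier.encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def build_authorization_request(client_id, redirect_uri, scope):
    """Step 1: URL to send the user to, plus secrets the client keeps in the user's session."""
    session = {
        "state": secrets.token_urlsafe(32),          # ties the callback to this browser session
        "code_verifier": secrets.token_urlsafe(64),  # PKCE: ties the code to this client instance
    }
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": session["state"],
        "code_challenge": pkce_challenge(session["code_verifier"]),
        "code_challenge_method": "S256",
    }
    return f"{AUTHZ_ENDPOINT}?{urlencode(params)}", session

def handle_callback(callback_url, session):
    """Step 2: user returns to redirect_uri with ?code=...&state=...; reject unless state matches."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError(f"authorization denied: {query['error'][0]}")
    state = query.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), session["state"].encode()):
        raise ValueError("state mismatch: callback was not issued for this session")
    return query["code"][0]

def token_request(code, client_id, redirect_uri, session):
    """Step 3: form body POSTed to the token endpoint. redirect_uri must repeat the value
    from step 1; code_verifier lets the server check the code was issued to this client."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "code_verifier": session["code_verifier"],
    }
```

In step 4 the access token returned by the token endpoint is sent to the resource server in an `Authorization: Bearer <token>` header; the refresh token, if one is issued, stays on the client and is never sent to the resource server.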

How Locktera Uses OAuth 2.0:

Locktera integrates OAuth 2.0 for enhanced security and streamlined user authentication within its platform. Here's how Locktera applies OAuth 2.0 in its operations:

  1. Third-Party Authentication:

    • Locktera lets users authenticate through the third-party identity providers Google and Microsoft. By allowing OAuth 2.0-based authentication, Locktera eliminates the need for users to remember additional credentials, making the login process easier and more secure.

    • For example, users can log into Locktera using their Google or Microsoft account. The OAuth 2.0 protocol ensures that the authentication process is secure and the user's credentials are never shared with Locktera directly.

  2. Access Control and Authorization:

    • Locktera uses access tokens to grant third-party applications limited access to data or services within the Locktera platform. When an authorized user interacts with a third-party application integrated with Locktera, OAuth 2.0 enables the application to request a token that grants access to a specific subset of data, such as files or metadata.

    • These tokens ensure that third-party apps can only access the data they are authorized to access, without requiring the user to share their full credentials or grant excessive permissions.

  3. Single Sign-On (SSO):

    • By leveraging OAuth 2.0, Locktera supports Single Sign-On (SSO), which allows users to log in once and access multiple services securely without having to authenticate separately for each application. This is particularly beneficial for enterprise environments where employees need to access a variety of tools and platforms integrated with Locktera.

    • Users can log into Locktera through their corporate identity provider (e.g., Active Directory, Google Workspace), making access more convenient and reducing the need for multiple passwords.

  4. Delegated Access:

    • For organizations that use Locktera, OAuth 2.0 allows delegated access for administrators. They can provide limited access to users, allowing them to interact with specific data or perform certain actions without exposing their login credentials or administrative rights.

    • For example, an admin might grant a third-party app permission to read data but not to modify or delete it. This delegation is controlled and secured by OAuth 2.0 tokens.

  5. Secure API Integrations:

    • Locktera uses OAuth 2.0 to secure its APIs, ensuring that third-party applications that interact with Locktera’s services (such as cloud integrations or automation tools) can only do so with the proper authorization. OAuth 2.0 tokens are used to authenticate API requests and control the level of access granted to external systems.

  6. Granular Permissions:

    • OAuth 2.0 allows Locktera to grant fine-grained permissions when accessing resources, ensuring that clients (third-party apps) can only access specific data that the user has authorized. For example, users can authorize access to only specific folders or files within Locktera while keeping other data private and secure.