OAuth is a framework for access delegation. It lets one website or web application access information held on another website or web application. This is how OAuth works:
1. When the user doesn't have an account, the user asks the application to log in with a third-party service such as Facebook or LinkedIn.
2. The application asks the user to get permission from Facebook (the third-party service).
3. The user asks the third-party application to give permission to the application.
4. The third-party application gives the application an authorization code to get access to resources.
5. Using the authorization code, the user gets the token from the third-party application.
6. Using the token, the application gets the information it needs.
7. The user is now logged in to the application as a valid user.

Register the application
To register, visit https://developers.facebook.com/ and log in using your Facebook email and p...
In the Synchronizer Token method, the client and the server should both generate the same token value, so the server has to do what the client does. That puts a heavy load on the server, so we use the double submitted cookies method instead. To use double submitted cookies, JavaScript must be able to read the cookie, so the HttpOnly flag should be off. Here we send the same cookie (that is, our session cookie) in both the HTTP body and the HTTP header. The server checks whether the values from the body and the header are the same, and accepts or denies the request accordingly. On the client side (index.php), we create the session and store it in the cookie. After that, we create a token and store it in a new cookie. Figure 1 ...
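
The server-side comparison described above, as an added example that is not code from the original post. It is written in JavaScript for Node.js rather than the post's PHP, and the cookie name `csrf_token`, the function names and the sample requests are assumptions constructed for illustration.

```javascript
const crypto = require("crypto");

const CSRF_COOKIE = "csrf_token"; // assumed cookie name, not from the post

// Parse a raw Cookie request header into a name -> value map.
// The first occurrence of a name wins, so a later duplicate cannot override it.
function parseCookies(header) {
  const jar = new Map();
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq < 1) continue;
    const name = part.slice(0, eq).trim();
    if (name && !jar.has(name)) jar.set(name, part.slice(eq + 1).trim());
  }
  return jar;
}

// Issue a fresh random token. The cookie is deliberately not HttpOnly,
// because the page's JavaScript has to read it and copy it into the body.
function issueCsrfCookie() {
  const token = crypto.randomBytes(32).toString("hex");
  const setCookie = `${CSRF_COOKIE}=${token}; Path=/; Secure; SameSite=Strict`;
  return { token, setCookie };
}

// Accept only when both copies are present and identical.
// timingSafeEqual avoids leaking how many leading characters matched.
function verifyDoubleSubmit(cookieHeader, bodyToken) {
  const cookieToken = parseCookies(cookieHeader).get(CSRF_COOKIE);
  if (typeof cookieToken !== "string" || typeof bodyToken !== "string") return false;
  if (cookieToken.length === 0) return false;
  const a = Buffer.from(cookieToken, "utf8");
  const b = Buffer.from(bodyToken, "utf8");
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Constructed requests: one legitimate, three that must be denied.
function demo() {
  const { token } = issueCsrfCookie();
  const cookieHeader = `PHPSESSID=abc123; ${CSRF_COOKIE}=${token}`;
  return {
    legitimate: verifyDoubleSubmit(cookieHeader, token),
    missingBody: verifyDoubleSubmit(cookieHeader, undefined),
    mismatch: verifyDoubleSubmit(cookieHeader, "0".repeat(64)),
    noCookie: verifyDoubleSubmit("PHPSESSID=abc123", token),
  };
}
console.log(demo());
```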