During Q3 our team get a quiet challenging business requirement. There will be 3rd Party that want to implement “Login with StartDee” (Startdee is Ruangguru in Thailand) in their service. This means that we are required to share user information (name, email etc) to 3rd Party. The biggest question would be how to do this securely?

To avoid reinventing the wheel with our limited knowledge regarding security, we search for reference. After exploration, we found this RFC that explain in detail about OAuth 2.0 and why we need it to secure our collaboration with 3rd party. The problem is this RFC is too detailed does make it hard to understand. In this article I would like to simplify the RFC and explain what OAuth 2.0 …


Himang Sharatun

from “hello world” to change the world

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store