OAuth2 is an authorization protocol that allows a user to access multiple applications using a just a single username and password. One of the major benefits of OAuth2 is that the application being accessed never get to see the user's username or password. An excellent example of this is the 'Login with Google' option you may find on many websites these days. When you use this option, the website delegates the task of identifying you to the Google OAuth2 service. Additionally, you get to decide what information about you Google can provide to the website - for example, your email address. Earthdata Login provides the same service to Earthdata applications such as Reverb, and may others located at the DAAC sites.
How Does It Work
We're going to give a simplified outline of how OAuth2 works in the context of Earthdata Login, but before we delve into the details, we need to make that sure we start off with the same terminology. In a typical scenario, there are three actors, or entities involved.
We have:
- The User Agent - the tool being used by the user to access the application. This could be a web browser, an application such as Panoply, or it could even be a command line tool or script such as curl or wget.
- The Application requiring user authentication. This could be a simple HTTP based data download service, a wiki, a data search tool, subsetting application, etc.
- The OAuth2 service - in this case, Earthdata Login.
