Understanding OAuth for delegated authorization.
OAuth (Open Authorization) is an open standard for access delegation, commonly used to let Internet users grant websites or applications access to their information held on other websites without handing over their passwords. It is an authorization protocol, not an authentication protocol; this is a key distinction. OAuth gives third-party applications 'delegated access' to a user's resources, with the user's consent.

A classic example is a new application asking whether you want to 'Log in with Google.' When you agree, you are not giving that application your Google password. Instead, you are redirected to Google's login page. After you authenticate with Google, Google asks whether you consent to giving the third-party application access to certain parts of your account (e.g., your name and email address). If you consent, Google gives the application an 'access token.'

This token is a string of characters that acts as a temporary, limited-permission key. The application can then use it to access only the specific resources you authorized, without ever knowing your password. You, the user, can also revoke the access token at any time through your Google account settings, cutting off the application's access.

The main roles in an OAuth flow are: the Resource Owner (the user), the Client (the third-party application), the Authorization Server (e.g., Google), and the Resource Server (the server hosting the protected data, e.g., Google's user data API). OAuth 2.0 is the current industry-standard protocol for authorization.
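The following Python simulation is an added example, not code from the page and not any provider's implementation. It plays out the four roles named above: the user (Resource Owner) consents at a toy Authorization Server, the Client obtains a scoped access token, the Resource Server checks the token's scopes before releasing data, and the user revokes the token. It goes one step beyond the paragraph by including the authorization code that the standard OAuth 2.0 authorization code grant hands back on the redirect and that the client then exchanges for the token. All names here (ToyAuthServer, ToyResourceServer, the client id photo-app, the scope strings, the sample user alice) are constructed for illustration.

```python
"""Toy OAuth 2.0 authorization-code flow with scoped, expiring, revocable tokens.

Added example: not the page's code and not any real provider's implementation.
Every identifier below (servers, client id, scopes, users) is constructed.
"""
import secrets
import time


class ToyAuthServer:
    """Authorization Server role (the page's 'Google')."""

    def __init__(self, clock=time.time):
        self.clock = clock           # injectable so expiry can be tested deterministically
        self.registered_clients = {} # client_id -> {"secret", "redirect_uri"}
        self.pending_codes = {}      # code  -> {"client_id", "user", "scopes", "expires"}
        self.tokens = {}             # token -> {"client_id", "user", "scopes", "expires"}

    def register_client(self, client_id, client_secret, redirect_uri):
        self.registered_clients[client_id] = {"secret": client_secret, "redirect_uri": redirect_uri}

    def authorize(self, client_id, redirect_uri, requested_scopes, user, consented_scopes):
        """User authenticates here and consents to a subset of the requested scopes.
        Returns a short-lived, single-use authorization code sent back on the redirect."""
        client = self.registered_clients.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            raise PermissionError("unknown client or redirect_uri mismatch")
        granted = set(consented_scopes) & set(requested_scopes)
        if not granted:
            raise PermissionError("user denied consent")
        code = secrets.token_urlsafe(16)
        self.pending_codes[code] = {"client_id": client_id, "user": user,
                                    "scopes": frozenset(granted), "expires": self.clock() + 60}
        return code

    def exchange_code(self, client_id, client_secret, code):
        """Client presents the code plus its own credentials to obtain an access token."""
        entry = self.pending_codes.pop(code, None)  # pop makes the code single-use
        if entry is None or entry["expires"] < self.clock():
            raise PermissionError("invalid or expired code")
        client = self.registered_clients.get(client_id)
        if client is None or client["secret"] != client_secret or entry["client_id"] != client_id:
            raise PermissionError("client authentication failed")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"client_id": client_id, "user": entry["user"],
                              "scopes": entry["scopes"], "expires": self.clock() + 3600}
        return token

    def introspect(self, token):
        """Resource server asks: is this token live, for which user, with which scopes?"""
        entry = self.tokens.get(token)
        if entry is None or entry["expires"] < self.clock():
            return None
        return entry

    def revoke(self, token):
        """Resource Owner revokes the grant (the page's 'account settings' action)."""
        self.tokens.pop(token, None)


class ToyResourceServer:
    """Resource Server role: holds per-user profile data behind scope checks."""

    SCOPE_FOR_FIELD = {"name": "profile:name", "email": "profile:email", "contacts": "contacts:read"}

    def __init__(self, auth_server, profiles):
        self.auth_server = auth_server
        self.profiles = profiles

    def get_profile(self, token, fields):
        info = self.auth_server.introspect(token)
        if info is None:
            raise PermissionError("invalid, expired or revoked token")
        for f in fields:  # every requested field must be covered by a granted scope
            if self.SCOPE_FOR_FIELD.get(f) not in info["scopes"]:
                raise PermissionError(f"token lacks scope for {f}")
        profile = self.profiles[info["user"]]
        return {f: profile[f] for f in fields}


def run_demo():
    """Consent -> code -> token -> scoped read -> denied read -> revocation.
    Returns the outcomes as a dict so each step can be checked."""
    auth = ToyAuthServer()
    auth.register_client("photo-app", "s3cret", "https://photo.example/callback")
    rs = ToyResourceServer(auth, {"alice": {"name": "Alice", "email": "alice@example.com",
                                            "contacts": ["bob"]}})
    # The app asks for three scopes; the user consents to name and email only.
    code = auth.authorize("photo-app", "https://photo.example/callback",
                          ["profile:name", "profile:email", "contacts:read"],
                          user="alice", consented_scopes=["profile:name", "profile:email"])
    token = auth.exchange_code("photo-app", "s3cret", code)
    results = {"profile": rs.get_profile(token, ["name", "email"])}
    for key, action in (("contacts_blocked", lambda: rs.get_profile(token, ["contacts"])),
                        ("code_reuse_blocked", lambda: auth.exchange_code("photo-app", "s3cret", code))):
        try:
            action()
            results[key] = False
        except PermissionError:
            results[key] = True
    auth.revoke(token)  # user cuts the app off; the token immediately stops working
    try:
        rs.get_profile(token, ["name"])
        results["revoked_blocked"] = False
    except PermissionError:
        results["revoked_blocked"] = True
    return results


if __name__ == "__main__":
    print(run_demo())
```

Running the module prints the profile fields the app was allowed to read and `True` for each of the three denials: the unconsented contacts scope, reuse of the one-time code, and use of the token after the user revoked it. The injectable clock on ToyAuthServer lets a test advance time past the token's lifetime to confirm that expiry is enforced the same way.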