What is OAuth?
OAuth (Open Authorization) is an open standard authorization protocol that allows users to grant third-party applications limited access to their resources without sharing their credentials. It enables secure delegated access through access tokens.
Quick Facts
| Attribute | Detail |
|---|---|
| Full Name | Open Authorization |
| Created | 2007 (OAuth 1.0), 2012 (OAuth 2.0, RFC 6749) |
| Specification | Official Specification (RFC 6749 for OAuth 2.0) |
How OAuth Works
OAuth works by issuing access tokens to third-party clients with the approval of the resource owner. The most common flow (Authorization Code) redirects the user to the authorization server, where they authenticate and approve the requested access. The server then returns an authorization code to the client's registered redirect URI, and the client exchanges that code for an access token on a back channel where it authenticates itself. OAuth 2.0 is the current version, widely used by Google, Facebook, GitHub, and other major platforms for API access and social login.
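The flow described above, simulated end to end as an added example (this is illustrative code, not part of the page or of any OAuth library). An in-memory authorization server and client stand in for the real parties; the hostnames `auth.example` and `app.example`, the client id `demo-app`, its secret and the redirect URI are constructed placeholders. The point of the simulation is the set of checks that make the code exchange safe: the code is bound to the client and redirect URI, is single-use and short-lived, and the client verifies `state` so that a callback can only complete a request it actually started. Real deployments carry these messages over HTTPS and usually add PKCE (RFC 7636), which is omitted here.

```python
"""Simulated OAuth 2.0 Authorization Code flow (constructed example)."""
import secrets
import time
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urlparse

CODE_TTL_SECONDS = 60  # codes should expire quickly; RFC 6749 recommends at most 10 minutes


@dataclass
class PendingCode:
    client_id: str
    redirect_uri: str
    scope: str
    user: str
    issued_at: float
    used: bool = False


class AuthorizationServer:
    """Issues authorization codes on the front channel, tokens on the back channel."""

    def __init__(self, clients):
        self.clients = clients  # client_id -> (client_secret, registered redirect URI)
        self.codes = {}         # code -> PendingCode
        self.tokens = {}        # access_token -> {"user", "scope", "client_id"}

    def authorize(self, client_id, redirect_uri, scope, state, user, now=None):
        """Called after the resource owner authenticated and approved `scope`.
        Returns the redirect URL carrying the code and the echoed state."""
        if client_id not in self.clients:
            raise ValueError("unknown client")
        if redirect_uri != self.clients[client_id][1]:
            raise ValueError("redirect_uri does not match the registered value")
        code = secrets.token_urlsafe(32)
        issued = time.time() if now is None else now
        self.codes[code] = PendingCode(client_id, redirect_uri, scope, user, issued)
        return f"{redirect_uri}?{urlencode({'code': code, 'state': state})}"

    def token(self, code, client_id, client_secret, redirect_uri, now=None):
        """Exchanges a code for an access token; the client authenticates here."""
        now = time.time() if now is None else now
        pending = self.codes.get(code)
        if pending is None or pending.used:
            raise PermissionError("invalid_grant: unknown or already used code")
        if pending.client_id != client_id or self.clients[client_id][0] != client_secret:
            raise PermissionError("invalid_client")
        if pending.redirect_uri != redirect_uri:
            raise PermissionError("invalid_grant: redirect_uri mismatch")
        if now - pending.issued_at > CODE_TTL_SECONDS:
            raise PermissionError("invalid_grant: code expired")
        pending.used = True  # a code must never be redeemed twice
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"user": pending.user, "scope": pending.scope, "client_id": client_id}
        return {"access_token": token, "token_type": "Bearer", "scope": pending.scope}


class Client:
    """The third-party application that wants delegated access."""

    def __init__(self, client_id, client_secret, redirect_uri, server):
        self.client_id, self.client_secret = client_id, client_secret
        self.redirect_uri, self.server = redirect_uri, server
        self.pending_states = set()  # in practice kept in the user's session

    def build_authorization_url(self, scope):
        state = secrets.token_urlsafe(16)
        self.pending_states.add(state)
        params = {"response_type": "code", "client_id": self.client_id,
                  "redirect_uri": self.redirect_uri, "scope": scope, "state": state}
        return f"https://auth.example/authorize?{urlencode(params)}"

    def handle_callback(self, callback_url):
        query = parse_qs(urlparse(callback_url).query)
        state = query.get("state", [None])[0]
        if state not in self.pending_states:
            raise PermissionError("state mismatch: callback is not for a request we made")
        self.pending_states.discard(state)  # one callback per request
        return self.server.token(query["code"][0], self.client_id,
                                 self.client_secret, self.redirect_uri)


def run_flow(user="alice", scope="read:profile"):
    """Drives the whole flow once and returns the parties and the results."""
    server = AuthorizationServer({"demo-app": ("demo-secret", "https://app.example/callback")})
    client = Client("demo-app", "demo-secret", "https://app.example/callback", server)
    auth_url = client.build_authorization_url(scope)
    # The browser follows auth_url; the user logs in and approves the scope.
    request = {k: v[0] for k, v in parse_qs(urlparse(auth_url).query).items()}
    redirect = server.authorize(request["client_id"], request["redirect_uri"],
                                request["scope"], request["state"], user)
    token = client.handle_callback(redirect)  # back-channel code exchange
    return server, client, redirect, token


if __name__ == "__main__":
    _, _, redirect, token = run_flow()
    print("callback:", redirect)
    print("token response:", token)
```

Running `run_flow()` prints the callback URL and the token response; the interesting behaviour is what the server refuses afterwards: replaying the callback fails the client's `state` check, redeeming the same code a second time fails the server's single-use check, and a redirect URI that does not match the registration is rejected before any code is issued.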
Key Characteristics
- Token-based authorization (not authentication)
- Supports multiple grant types (Authorization Code, Client Credentials, etc.)
- Scopes define the level of access granted
- Refresh tokens for obtaining new access tokens
- Separation of roles: Resource Owner, Client, Authorization Server, Resource Server
- HTTPS (TLS) required on every endpoint that carries codes or tokens
Common Use Cases
- Social login (Sign in with Google/Facebook/GitHub)
- Third-party API access
- Mobile app authentication
- Microservices authorization
- Single Sign-On (SSO) implementations