What is OAuth 2?

OAuth 2.0 is a complete rewrite of the OAuth 1.0 protocol...

The OAuth 1.0 protocol was established with the advent of social media, when users wanted to share pictures/contacts/info from one site to another.

While applications could always just get a user's credentials to access their information from another site, this presented many security vulnerabilities. Not only would the application have unlimited access to a user's (Facebook) account, it could also drop the ball on securely storing the user's sensitive information. Regardless of intent, an application requesting a user's credentials for another site was a big no-no.

This led to the OAuth protocol, which is characterized by obtaining limited, authorized access to a user's account. Without the user's credentials being revealed, applications can access a user's information from another site in a secure fashion.

While OAuth 1.0 achieved this goal, it had several pitfalls that led to the development of OAuth 2.0.

OAuth 2.0 solved a lot of the issues experienced with OAuth 1.0, including by offering a more diverse group of "flows" or grant types and by requiring less cryptographic effort from developers.

When people talk about OAuth in 2023, they are talking about OAuth 2.0.


OAuth 2.0 is a framework for securely accessing user info without requiring the username/password.


