What is OAuth?

Your thoughts?


OAuth stands for "Open Authentication".

OAuth is a protocol for allowing users to access their data securely from other sites so they can use them on your site. For example, you are experiencing OAuth when you "Sign in with Facebook" on your favorite application.

Without OAuth, applications would need a user's credentials to access other accounts on their behalf. This is a security concern because the application can do whatever it wants with the user's credentials. Even if the application means well, it could expose the credentials erroneously.

This is why OAuth is so important. It allows these applications to access your Facebook feed without needing your username and password for Facebook.


OAuth is an open standard for accessing user data from another application WITHOUT needing the user's credentials.

OAuth became popular as social media sites took off and people wanted to share their photos/contacts/friends from one site to another.

While OAuth 1.0 was the first official "protocol" to address this standard, security flaws and the evolution of things led to the OAuth 2.0 framework.

While the OAuth 2.0 framework accomplishes the same things as OAuth 1.0, it IS NOT the same thing as OAuth 1.0. It isn't backwards compatible and introduces a bunch of different flows (grant types) for obtaining access tokens in different ways.


OAuth is a protocol that allows application A to retrieve a user's information from application B without needing the user's login credentials for application B. This allows applications to securely share data without compromising a user's account.

The most popular use case for OAuth can be found in the rise of consumer-facing websites (Facebook, Twitter, Instagram). We've all been prompted to log in with our Facebook account. Most of us have authorized a site to access our Twitter feed or Instagram photos. This is all made possible because of the OAuth 2 protocol.
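The two answers above describe the same thing from two angles: OAuth 2.0 hands out access tokens through a grant, and application A ends up reading a user's data from application B without ever seeing the user's password for B. The following is an added example, not code from the original thread or from any provider mentioned in it: a self-contained, in-process simulation of the OAuth 2.0 authorization code grant (with PKCE and a `state` value, the two checks that stop a forged or replayed callback). The class names, the `https://a.example` / `https://b.example` endpoints, the `photos:read` scope, the user "alice" and her photo list are all constructed for illustration.

```python
"""Toy OAuth 2.0 authorization code grant, simulated entirely in memory.

Added example; endpoints, scope names and sample data are assumptions.
B = the provider holding the user's password (authorization + resource server).
A = the site that wants the user's photos and never learns that password.
"""
import base64
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse


def _s256(verifier: str) -> str:
    """PKCE S256 challenge: base64url(sha256(verifier)) with padding stripped."""
    return base64.urlsafe_b64encode(hashlib.sha256(verifier.encode()).digest()).rstrip(b"=").decode()


class AuthorizationServer:
    """Application B. Holds the password; only ever releases codes and tokens."""

    def __init__(self):
        self.clients = {}   # client_id -> (client_secret, registered redirect_uri)
        self.codes = {}     # one-time authorization codes
        self.tokens = {}    # access_token -> {user, scope, expires}

    def register_client(self, client_id, client_secret, redirect_uri):
        self.clients[client_id] = (client_secret, redirect_uri)

    def authorize(self, query: dict, user: str, consent: bool) -> str:
        """/authorize: the user is already logged in at B and approves (or denies) the scope.
        Returns the redirect URL carrying a short-lived code and the client's own state."""
        _, redirect_uri = self.clients[query["client_id"]]
        if query["redirect_uri"] != redirect_uri:
            raise ValueError("redirect_uri does not match registration")
        if not consent:
            return redirect_uri + "?" + urlencode({"error": "access_denied", "state": query["state"]})
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": query["client_id"], "user": user, "scope": query["scope"],
                            "challenge": query["code_challenge"], "expires": time.time() + 60}
        return redirect_uri + "?" + urlencode({"code": code, "state": query["state"]})

    def token(self, form: dict) -> dict:
        """/token: back-channel exchange of the code for a bearer access token."""
        secret, redirect_uri = self.clients.get(form.get("client_id"), (None, None))
        if form.get("grant_type") != "authorization_code" or form.get("client_secret") != secret:
            raise PermissionError("invalid_client")
        record = self.codes.pop(form.get("code"), None)          # pop: a code is single-use
        if record is None or record["expires"] < time.time() or record["client_id"] != form["client_id"]:
            raise PermissionError("invalid_grant")
        if form.get("redirect_uri") != redirect_uri or _s256(form.get("code_verifier", "")) != record["challenge"]:
            raise PermissionError("invalid_grant")             # PKCE: prove you started this flow
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"user": record["user"], "scope": record["scope"], "expires": time.time() + 3600}
        return {"access_token": token, "token_type": "Bearer", "expires_in": 3600, "scope": record["scope"]}

    def introspect(self, token: str):
        info = self.tokens.get(token)
        return info if info and info["expires"] > time.time() else None


class ResourceServer:
    """B's photos API: accepts bearer tokens and checks scope, nothing else."""

    def __init__(self, auth_server, photos_by_user):
        self.auth, self.photos = auth_server, photos_by_user

    def get_photos(self, authorization_header: str) -> list:
        scheme, _, token = authorization_header.partition(" ")
        info = self.auth.introspect(token) if scheme == "Bearer" else None
        if info is None or "photos:read" not in info["scope"].split():
            raise PermissionError("insufficient_scope")
        return self.photos[info["user"]]


class ClientApp:
    """Application A. Remembers state + PKCE verifier per login attempt."""

    def __init__(self, auth_server, client_id, client_secret, redirect_uri):
        self.auth, self.client_id, self.secret, self.redirect_uri = auth_server, client_id, client_secret, redirect_uri
        self.pending = {}   # state -> code_verifier

    def start_login(self, scope="photos:read") -> str:
        state, verifier = secrets.token_urlsafe(16), secrets.token_urlsafe(48)
        self.pending[state] = verifier
        return "https://b.example/authorize?" + urlencode({
            "response_type": "code", "client_id": self.client_id, "redirect_uri": self.redirect_uri,
            "scope": scope, "state": state, "code_challenge": _s256(verifier), "code_challenge_method": "S256"})

    def handle_callback(self, redirect_url: str) -> dict:
        q = {k: v[0] for k, v in parse_qs(urlparse(redirect_url).query).items()}
        verifier = self.pending.pop(q.get("state", ""), None)   # unknown state: forged or replayed callback
        if verifier is None:
            raise PermissionError("state mismatch")
        if "error" in q:
            raise PermissionError(q["error"])
        return self.auth.token({"grant_type": "authorization_code", "code": q["code"], "redirect_uri": self.redirect_uri,
                                "client_id": self.client_id, "client_secret": self.secret, "code_verifier": verifier})


def run_flow(consent=True) -> dict:
    """Walk the constructed user 'alice' through one grant; returns the pieces for inspection."""
    auth = AuthorizationServer()
    auth.register_client("site-a", "s3cr3t-assumed", "https://a.example/callback")
    api = ResourceServer(auth, {"alice": ["beach.jpg", "cat.jpg"]})      # constructed sample data
    app = ClientApp(auth, "site-a", "s3cr3t-assumed", "https://a.example/callback")
    login_url = app.start_login()                                         # 1. browser is sent to B
    query = {k: v[0] for k, v in parse_qs(urlparse(login_url).query).items()}
    callback = auth.authorize(query, user="alice", consent=consent)       # 2. alice approves at B
    token = app.handle_callback(callback)                                 # 3. A swaps code for token
    photos = api.get_photos("Bearer " + token["access_token"])            # 4. A calls B's API
    return {"photos": photos, "token": token, "app": app, "api": api, "callback": callback}


if __name__ == "__main__":
    print(run_flow()["photos"])
```

The thing to notice is what never crosses the boundary: alice's password is consulted only inside B (the `authorize` step assumes she already logged in there), A only ever holds a code, a bearer token and its own client secret, and the photos API checks a token and a scope rather than an identity. Replaying the callback URL fails twice over (the state was consumed and the code was popped), and a token with the wrong scope gets nothing.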


OAuth is an "open-standard" definition for implementing authorized access to protected resources.

A protected resource might be your photos on Facebook.

Authorized access is the ability for some app to access your photos on your behalf.

An open standard is an agreed-upon way of doing things. Providers "implement" open standards.


OAuth is how sites let you log in with Facebook, share your Twitter feed, etc. without needing you to provide your username and password. This allows sites to have limited, secured, authorized access to things without exposing vulnerabilities through storing and handling your user credentials.


It's a protocol? It's a framework? It's OAuth?

OAuth is something developers love to use without understanding, largely because they don't have to. There are a bunch of OAuth implementers/providers like Okta that handle the complicated and delicate flows for you to ensure security and convenience when allowing users to access data across applications.


OAuth is a protocol for authorizing access to APIs and protected resources.


OAuth is how you "sign in with Google".

OAuth is how you "allow MySpace to access your Twitter feed".

OAuth is how you "share your Facebook friends on Instagrabbal".





OAuth 2 is the future brah