Key Notes
The purpose of this page is to provide bite sized snippets of OAuth facts.
- OAuth is designed to be a delegation protocol meaning someone who controls a resource allows a software application to access the resource on their behalf.
- Essentially think of it as a "Valet Key" for the web
- OAuth is an authorization protocol***
- OAuth itself doesn't carry or convey the authorizations. Instead it provides a means by which a client can request that a user delegate some of their authority to it. Thus it's more technically correct to refer to it as a delegation protocol.
- Oauth isn't an authentication protocol, even though it could be used to build one.
- In the most simplest form, OAuth is about how to get a token and use the token.
Last modified 1yr ago