Key Notes

The purpose of this page is to provide bite-sized snippets of OAuth facts.

  • OAuth is designed to be a delegation protocol, meaning that someone who controls a resource allows a software application to access that resource on their behalf.

    • Essentially think of it as a "Valet Key" for the web

  • OAuth is an authorization protocol***

    • OAuth itself doesn't carry or convey the authorizations. Instead it provides a means by which a client can request that a user delegate some of their authority to it. Thus it's more technically correct to refer to it as a delegation protocol.

  • OAuth isn't an authentication protocol, even though it could be used to build one.

  • In its simplest form, OAuth is about how to get a token and use the token.
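
The delegation and "get a token, use the token" points above, as an added example that is not part of the original notes: a toy in-memory model of an authorization server and a protected resource. The class names, the scope strings (`photos:read`, `photos:delete`) and the `print-shop` client are all hypothetical, and no real OAuth library or network exchange is involved.

```python
import secrets

class AuthorizationServer:
    """Toy authorization server: records what the resource owner delegated."""
    def __init__(self):
        self._grants = {}  # opaque token -> (owner, client_id, granted scopes)

    def issue_token(self, owner, client_id, requested, approved):
        # The owner may approve only part of what the client asked for,
        # and the client can never receive a scope it did not request.
        granted = frozenset(requested) & frozenset(approved)
        if not granted:
            raise PermissionError("resource owner delegated nothing")
        token = secrets.token_urlsafe(32)  # opaque: nothing for the client to read
        self._grants[token] = (owner, client_id, granted)
        return token

    def introspect(self, token):
        # Called by the resource server, not by the client.
        return self._grants.get(token)

class ResourceServer:
    """Toy protected resource: every action needs a specific scope."""
    def __init__(self, auth_server, photos):
        self._as = auth_server
        self._photos = photos  # owner -> list of photo names

    def handle(self, token, action, name=None):
        grant = self._as.introspect(token)
        if grant is None:
            return 401, "invalid token"
        owner, _client, scopes = grant
        if action == "list" and "photos:read" in scopes:
            return 200, list(self._photos[owner])
        if action == "delete" and "photos:delete" in scopes:
            if name not in self._photos[owner]:
                return 404, "no such photo"
            self._photos[owner].remove(name)
            return 200, "deleted"
        return 403, "insufficient scope"

def demo():
    auth = AuthorizationServer()
    api = ResourceServer(auth, {"alice": ["cat.jpg", "dog.jpg"]})  # constructed data
    # Step 1, get a token: the client asks for two scopes, alice approves one.
    token = auth.issue_token("alice", "print-shop",
                             requested={"photos:read", "photos:delete"},
                             approved={"photos:read"})
    # Step 2, use the token: listing works, deleting is refused.
    return token, api.handle(token, "list"), api.handle(token, "delete", "cat.jpg")
```

The client only ever holds the opaque token, never the owner's credentials, and the token is meaningful only to the resource server; that is the "valet key" behaviour, and it is also why holding a token does not by itself tell the client who the user is.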
