Key Notes

The purpose of this page is to provide bite-sized snippets of OAuth facts.
  • OAuth is designed to be a delegation protocol, meaning someone who controls a resource allows a software application to access the resource on their behalf.
    • Essentially think of it as a "Valet Key" for the web
  • OAuth is an authorization protocol***
    • OAuth itself doesn't carry or convey the authorizations. Instead it provides a means by which a client can request that a user delegate some of their authority to it. Thus it's more technically correct to refer to it as a delegation protocol.
  • OAuth isn't an authentication protocol, even though it could be used to build one.
  • In its simplest form, OAuth is about how to get a token and use the token.