OAuth

This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these messages) Some of this article's listed sources may not be reliable. Please help improve this article by looking for better, more reliable sources. Unreliable citations may be challenged and removed. (November 2023) (Learn how and when to remove this message) This article relies excessively on references to primary sources. Please improve this article by adding secondary or tertiary sources. Find sources: "OAuth" – news · newspapers · books · scholar · JSTOR (November 2023) (Learn how and when to remove this message) (Learn how and when to remove this message)

Unofficial logo designed by Chris Messina
Latest version	2.0
Organization	Internet Engineering Task Force
Website	Hardt, Dick (October 2012). "The OAuth 2.0 Authorization Framework".

OAuth (short for open authorization^[1][2]) is an open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on other websites but without giving them the passwords.^[3][4] This mechanism is used by companies such as Amazon,^[5] Google, Meta Platforms, Microsoft, and Twitter to permit users to share information about their accounts with third-party applications or websites.

Generally, the OAuth protocol provides a way for resource owners to provide a client application with secure delegated access to server resources. It specifies a process for resource owners to authorize third-party access to their server resources without providing credentials. Designed specifically to work with Hypertext Transfer Protocol (HTTP), OAuth essentially allows access tokens to be issued to third-party clients by an authorization server, with the approval of the resource owner. The third party then uses the access token to access the protected resources hosted by the resource server.^[2]