OAuth

Unofficial logo designed by Chris Messina
Latest version2.0
OrganizationInternet Engineering Task Force
WebsiteHardt, Dick (October 2012). "The OAuth 2.0 Authorization Framework".

OAuth (short for open authorization[1][2]) is an open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on other websites but without giving them the passwords.[3][4] This mechanism is used by companies such as Amazon,[5] Google, Meta Platforms, Microsoft, and Twitter to permit users to share information about their accounts with third-party applications or websites.

Generally, the OAuth protocol provides a way for resource owners to provide a client application with secure delegated access to server resources. It specifies a process for resource owners to authorize third-party access to their server resources without providing credentials. Designed specifically to work with Hypertext Transfer Protocol (HTTP), OAuth essentially allows access tokens to be issued to third-party clients by an authorization server, with the approval of the resource owner. The third party then uses the access token to access the protected resources hosted by the resource server.[2]

  1. ^ "Open Authorization - Glossary | CSRC". csrc.nist.gov.
  2. ^ a b Hardt, Dick (October 2012). Hardt, D (ed.). "RFC6749 - The OAuth 2.0 Authorization Framework". Internet Engineering Task Force. doi:10.17487/RFC6749. Archived from the original on 15 October 2012. Retrieved 10 October 2012. {{cite journal}}: Cite journal requires |journal= (help)
  3. ^ Whitson, Gordon. "Understanding OAuth: What Happens When You Log Into a Site with Google, Twitter, or Facebook". Lifehacker. Archived from the original on 24 April 2014. Retrieved 15 May 2016.
  4. ^ Henry, Gavin (January 2020). "Justin Richer on OAuth". IEEE Software. 37 (1): 98–100. doi:10.1109/MS.2019.2949648. ISSN 0740-7459.
  5. ^ "Amazon & OAuth 2.0". Archived from the original on 8 December 2017. Retrieved 15 December 2017.