OAuth is an authorization protocol - or in other words, a set of rules - that allows a third-party website or application to access a user’s data without the user needing to share login credentials.
OAuth's open-source protocol enables users to share data and resources stored on one site with another site under a secure, token-based authorization scheme. OAuth is also known as OAuth Core.
It is important to realize OAuth is a way to authenticate users - to ensure a user is who he says he is. The protocol was designed to circumvent problems with the sharing of user credentials in distributed and Web 2.0 environments. With OAuth, resources stored on one website can be shared or accessed by a user once he is authenticated via OAuth. There is no need for the user to create a new account on the website and, at the same time, the website is not privy to the user's credentials.
OAuth operates much like a client/server computing model, where a primary website storing the user resources acts as a server and the website or application accessing that data is a client. The primary website establishes an OAuth interface (otherwise called an API) and a secret key for the requesting website as a means of establishing a session to validate the user. When the user, working through the client website, requests access to that data or those resources, he or she takes a side trip and is forwarded to the login procedure of the primary website, where the user provides his or her login credentials. Upon successful authentication there, an authorization token is sent from the primary website to the requesting website as an acknowledgment of authentication - giving the user access to the data or other resources originally requested.
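The flow described above, modeled in memory as an added example (not code from the original page, and not the OAuth wire protocol). The class and method names, the user `alice`, the client `print-shop` and all values are constructed for illustration; the point is that the requesting site holds only its secret key and a token, never the user's password.

```python
import hashlib, hmac, secrets

class PrimarySite:
    """Constructed model of the 'primary website' that stores user resources."""
    def __init__(self):
        self._users = {}    # username -> (salt, password hash)
        self._clients = {}  # client_id -> secret key issued to the requesting site
        self._tokens = {}   # token -> (client_id, username)
        self._data = {}     # username -> resources

    @staticmethod
    def _hash(salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, username, password, data):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._hash(salt, password))
        self._data[username] = data

    def register_client(self, client_id):
        # The secret key the primary site establishes for the requesting site.
        self._clients[client_id] = secrets.token_urlsafe(32)
        return self._clients[client_id]

    def login_and_authorize(self, client_id, username, password):
        # The "side trip": credentials are entered here, not at the client.
        if client_id not in self._clients or username not in self._users:
            return None
        salt, stored = self._users[username]
        if not hmac.compare_digest(stored, self._hash(salt, password)):
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (client_id, username)  # bind token to one client
        return token

    def get_resource(self, client_id, client_secret, token):
        expected = self._clients.get(client_id)
        if expected is None or not hmac.compare_digest(
                expected.encode(), client_secret.encode()):
            raise PermissionError("unknown client or wrong secret key")
        bound = self._tokens.get(token)
        if bound is None or bound[0] != client_id:
            raise PermissionError("token was not issued to this client")
        return self._data[bound[1]]

def demo():
    site = PrimarySite()
    site.add_user("alice", "constructed-password", ["photo1.jpg"])
    secret = site.register_client("print-shop")
    token = site.login_and_authorize("print-shop", "alice", "constructed-password")
    return site.get_resource("print-shop", secret, token)
```

Binding each token to the client it was issued for means a token that leaks to a different registered site is rejected by `get_resource`.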