Tech moves fast! Stay ahead of the curve with Techopedia!
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.
OAuth works by using authentication tokens, which act as pointers to a resource and provide parameters for sharing, such as a limited time window. This way, the user can give third parties access to certain features and functions in a program without giving access to everything stored therein, including personal data. This is similar to an authenticator called OpenID, but the two protocols are somewhat different. Whereas OAuth authorizes third parties to use some of a user's protected resources, OpenID is more focused on authorizing access to their identity.
One example that is often used to explain OAuth 2.0 and related versions is that the authenticator uses a string as a valet key for access to a particular item. The criticism here is that just like a key, a hacker could obtain the token and gain unauthorized access. Although current development of OAuth 2.0 promote widespread use through compatibility with Facebook and other platforms, some critics are concerned that this protocol could be a liability for overall network security depending on implementation.