OAuth 2.0

What Does OAuth 2.0 Mean?

OAuth 2.0 is the successor to OAuth, an open authentication tool that allows users to share private resources without giving external parties or programs access to all of their identification data. OAuth 2.0 represents a revision of the original OAuth created in 2006 and contrasts with other similar authentication tools.

Techopedia Explains OAuth 2.0

OAuth works by using authentication tokens, which act as pointers to a resource and provide parameters for sharing, such as a limited time window. This way, the user can give third parties access to certain features and functions in a program without giving access to everything stored therein, including personal data. This is similar to an authenticator called OpenID, but the two protocols are somewhat different. Whereas OAuth authorizes third parties to use some of a user's protected resources, OpenID is more focused on authorizing access to their identity.

One example that is often used to explain OAuth 2.0 and related versions is that the authenticator uses a string as a valet key for access to a particular item. The criticism here is that just like a key, a hacker could obtain the token and gain unauthorized access. Although current development of OAuth 2.0 promote widespread use through compatibility with Facebook and other platforms, some critics are concerned that this protocol could be a liability for overall network security depending on implementation.