OAuth is an authorization protocol. OAuth allows the resources of a user stored on a website such as Facebook to be accessed by a third-party website. So if you have contacts added on Facebook, you can authorize a website that lets you log in using your Facebook ID to access those contacts. This has the advantage of sharing your contacts with the third-party website without copying them.
The following happens when a user logs in to a client website:
1. The user accesses the client application.
2. The client application redirects the user to the Facebook login.
3. The user logs in to his Facebook account.
4. The client application receives an access token to access the user's data on Facebook.
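The four steps above as a runnable toy simulation. This is an added example, not code from the original post or from Facebook; it assumes a constructed in-memory provider (users, a registered client, issued tokens) and hands the token to the client in a single simplified redirect, whereas real OAuth 2.0 flows involve extra steps such as an authorization code exchange.

```python
# Added example (not from the original post): toy simulation of the OAuth
# handoff described above. Users, the client, and the redirect URL are all
# constructed assumptions for illustration only.
import secrets
import time

# Constructed sample data held by the provider (the "Facebook" side).
USERS = {"alice": {"password": "hunter2", "contacts": ["bob", "carol"]}}
REGISTERED_CLIENTS = {"contacts-app": "https://contacts.example/callback"}
TOKENS = {}  # access token -> {"user", "client_id", "scope", "expires"}


def authorize(username, password, client_id, redirect_uri, scope):
    """Steps 2 and 3: the user logs in at the provider, never at the client.
    Returns the redirect URL that carries an access token for the client."""
    if REGISTERED_CLIENTS.get(client_id) != redirect_uri:
        raise ValueError("unknown client or redirect_uri mismatch")
    user = USERS.get(username)
    if user is None or user["password"] != password:
        raise PermissionError("login failed")
    token = secrets.token_urlsafe(32)  # opaque, unguessable token
    TOKENS[token] = {"user": username, "client_id": client_id,
                     "scope": set(scope), "expires": time.time() + 3600}
    return f"{redirect_uri}#access_token={token}"


def client_receive_token(redirect_url):
    """Step 4: the client extracts the token from the redirect; it never
    sees the user's password."""
    return redirect_url.split("#access_token=", 1)[1]


def get_contacts(access_token):
    """Resource access: the provider validates the token, its expiry and
    its scope, and returns only what the token was authorized for."""
    rec = TOKENS.get(access_token)
    if rec is None or rec["expires"] < time.time():
        raise PermissionError("invalid or expired token")
    if "contacts" not in rec["scope"]:
        raise PermissionError("token not authorized for contacts")
    return list(USERS[rec["user"]]["contacts"])


def demo():
    """Run the whole handoff and fetch the contacts via the token."""
    url = authorize("alice", "hunter2", "contacts-app",
                    "https://contacts.example/callback", {"contacts"})
    return get_contacts(client_receive_token(url))
```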
OAuth is designed to work with the HTTP protocol. The authorizing application, such as Facebook in the example above, provides an access token to the client application. The client application can use this access token to access the user's resources stored on the website. The client application is not aware of the user's password and knows only the access token. This keeps the user's credentials out of the client's hands and so keeps the user's data secure.
It's important to remember that OAuth is an authorization protocol and not an authentication protocol. For authentication there is a separate protocol, OpenID.
The current version of OAuth is OAuth 2.0.