OAuth is an open authorization standard used to provide secure client application access to server resources. The OAuth authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner or by allowing the third-party application to obtain access on its own behalf.
OAuth enables server owners to authorize access to the server resources without sharing credentials. This means the user can grant access to private resources from one server to another server resource without sharing their identity.
OAuth Solves Traditional Client-Server Authentication Issues
OAuth is designed to problems and limitations found in traditional client-server authentication model where third-party applications are required to store the resource owner's credentials for future use and where resource owners cannot revoke access to an individual third party without revoking access to all third parties.
OAuth addresses these issues by introducing an authorization layer and separating the role of the client from that of the resource owner. Instead of using the resource owner's credentials to access protected resources, the client obtains an access token, issued to third-party clients by an authorization server with the approval of the resource owner.
The OAuth Protocol
The OAuth 1.0 protocol (RFC5849), published as an informational document, was the result of a small ad hoc community effort. The OAuth 2.0 protocol is not backward compatible with OAuth 1.0.
OAuth Security Flaws
In May, 2014 a security flaw was discovered in the widely used OAuth and OpenID website authentication mechanisms. The flaw was not in OAuth 2, but was a result of how some businesses implemented the standards, primary in situations where open redirects were used. Following news of the security flaw, Google said it will be more stringent in securing users when they log in to their accounts by applying additional authorization checks.
Learn about each of the five generations of computers and major technology developments that have led to the current devices that we use today. Read More »Small Business Marketing's Greatest Hits
The following compilation of small business marketing tips highlights some of the expert advice published over at Small Business Computing. Read More »13 Best Free Android Apps
From secure messaging to document editing, our top free must-have apps have been rated, reviewed and named the best free Android apps of 2015. Read More »
With cost and security in mind, we look at five cloud storage options that will suit the needs of most home and SMB owners. Read More »Windows 10 Tips for Desktop PC
Five basic tips to help you customize Windows 10 on your desktop PC. Read More »29 Free Android Apps for Cash-Strapped Students
From wacky alarm clocks to lecture hall tools and after class entertainment, these Android apps are a good fit for a student's life and budget. Read More »
Stay up to date on the latest developments in Internet terminology with a free weekly newsletter from Webopedia. Join to subscribe now.
- Watch Datamation's editor James Maguire moderate roundtable discussions with tech experts from companies such as Accenture, Dell, Blue Jeans Network, Microsoft and more »