OAuth

OAuth is an open authorization standard used to provide secure client application access to server resources. The OAuth authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner or by allowing the third-party application to obtain access on its own behalf.

OAuth enables server owners to authorize access to the server resources without sharing credentials. This means the user can grant access to private resources from one server to another server resource without sharing their identity.

OAuth Solves Traditional Client-Server Authentication Issues

OAuth is designed to problems and limitations found in traditional client-server authentication model where third-party applications are required to store the resource owner’s credentials for future use and where resource owners cannot revoke access to an individual third party without revoking access to all third parties.

OAuth addresses these issues by introducing an authorization layer and separating the role of the client from that of the resource owner. Instead of using the resource owner’s credentials to access protected resources, the client obtains an access token, issued to third-party clients by an authorization server with the approval of the resource owner.

The OAuth Protocol

The OAuth 1.0 protocol (RFC5849), published as an informational document, was the result of a small ad hoc community effort. The OAuth 2.0 protocol is not backward compatible with OAuth 1.0.

OAuth Security Flaws

In May, 2014 a security flaw was discovered in the widely used OAuth and OpenID website authentication mechanisms. The flaw was not in OAuth 2, but was a result of how some businesses implemented the standards, primary in situations where open redirects were used. Following news of the security flaw, Google said it will be more stringent in securing users when they log in to their accounts by applying additional authorization checks.

Vangie Beal
Vangie Beal
Vangie Beal is a freelance business and technology writer covering Internet technologies and online business since the late '90s.

Top Articles

Huge List Of Texting and Online Chat Abbreviations

From A3 to ZZZ we list 1,559 text message and online chat abbreviations to help you translate and understand today's texting lingo. Includes Top...

How To Create A Desktop Shortcut To A Website

This Webopedia guide will show you how to create a desktop shortcut to a website using Firefox, Chrome or Internet Explorer (IE). Creating a desktop...

The History Of Windows Operating Systems

Microsoft Windows is a family of operating systems. We look at the history of Microsoft's Windows operating systems (Windows OS) from 1985 to present...

Hotmail [Outlook] Email Accounts

  By Vangie Beal Hotmail is one of the first public webmail services that can be accessed from any web browser. Prior to Hotmail and its...

Common Business-Oriented Language (COBOL)...

What is COBOL? COBOL stands for Common Business-Oriented Language. It is a 60-year-old programming...

Shared Hosting Definition &...

Shared hosting is a web hosting model in which multiple sites occupy the...

Database Integration Definition &...

Database integration consolidates data from multiple sources to provide businesses with more comprehensive...