14 Facts About OAuth

1. OAuth is an open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on other websites, but without giving them the passwords.

FactSnippet No. 854,249

2. Generally, OAuth provides clients "secure delegated access" to server resources on behalf of a resource owner.

FactSnippet No. 854,250

3. OAuth began in November 2006 when Blaine Cook was developing the Twitter OpenID implementation.

FactSnippet No. 854,251

4. Eran Hammer joined and coordinated the many OAuth contributions, creating a more formal specification.

FactSnippet No. 854,252

5. At the 73rd Internet Engineering Task Force meeting in Minneapolis in November 2008, an OAuth BoF was held to discuss bringing the protocol into the IETF for further standardization work.

FactSnippet No. 854,253

6. OAuth is a service that is complementary to and distinct from OpenID.

FactSnippet No. 854,254

7. OAuth is unrelated to OATH, which is a reference architecture for authentication, not a standard for authorization.

FactSnippet No. 854,255

8. However, OAuth is directly related to OpenID Connect, since OIDC is an authentication layer built on top of OAuth 2.

FactSnippet No. 854,256

9. OAuth is unrelated to XACML, which is an authorization policy standard.

FactSnippet No. 854,257

10. OAuth is an authorization protocol, rather than an authentication protocol.

FactSnippet No. 854,258

11. However, because OAuth was not designed with authentication in mind, assuming that it provides authentication can lead to major security flaws.

FactSnippet No. 854,259

12. XACML and OAuth can be combined to deliver a more comprehensive approach to authorization.

FactSnippet No. 854,260

13. Where OAuth focuses on delegated access and identity-centric authorization, XACML takes an attribute-based approach which can consider attributes of the user, the action, the resource, and the context.

FactSnippet No. 854,261

14. OAuth is limited in granularity to the coarse functionality exposed by the target service.

FactSnippet No. 854,262