The OAuth 2.0 is an international authorization framework that enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.
OAuth addresses these issues by introducing an authorization layer and separating the role of the client from that of the resource owner. In OAuth, the client requests access to resources controlled by the resource owner and hosted by the resource server, and is issued a different set of credentials than those of the resource owner.
Instead of using the resource owner's credentials to access protected resources, the client obtains an access token -- a string denoting a specific scope, lifetime, and other access attributes. Access tokens are issued to third-party clients by an authorization server with the approval of the resource owner. The client uses the access token to access the protected resources hosted by the resource server.
For example, an end-user (resource owner) can grant an external service (client) access to her protected banking information stored at the Bit Capital platform (resource server), without sharing her username and password with the external service. Instead, she authenticates directly with a server trusted by the Bit Capital platform (authorization server), which issues the external service delegation-specific credentials (access token).
For more information checkout the official RFC Specification or one of the recommended articles below:
Updated 5 months ago