
OAuth 2.0 | Is it an API or service? | What is OAuth actually?

Before we start understanding OAuth 2.0, I'm sure we have all seen the image below, or a similar one, while logging in to various websites.

And I'm pretty sure we'll agree that it has made logging in to applications very easy for us. We no longer have to remember passwords for the many websites we visit frequently, and if you ask me, it's practically very difficult to remember so many passwords.

But where does OAuth come into the picture?

Is it an API that gets called, a service that gets invoked, a login flow like the one shown in the image above, or a security mechanism that makes your application more secure?

OAuth stands for "Open Authorization". It's merely a standard for authorization; that means anyone can implement OAuth in their application.

Reiterating, OAuth is a standard for authorization, NOT authentication.

OAuth 2.0 replaced OAuth 1.0 in 2012, and it is not backward compatible with 1.0. OAuth 2.0 is now the de facto standard for online authorization. Thus, when we say OAuth, we are more or less referring to OAuth 2.0.

OAuth allows a website to access resources hosted by another website or application on behalf of the user without sharing the user's credentials. The user provides consent for the authorization. For example, in the image shown below, only if I give consent and click on the account will the site 'Medium' allow me to sign in, and in exchange Google will share the details mentioned in the image with the 'Medium' application.

Therefore, it provides secure, restricted access to resources that is consent-based and does not require sharing credentials.
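To make the consent step concrete, here is an added example (not part of the original article) of the client side of the OAuth 2.0 authorization code grant from RFC 6749: the client builds the consent request and then validates what comes back. The endpoint, client ID, redirect URI and scope names are constructed placeholders, not any real provider's values.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholder values, not any real provider's endpoints or IDs.
AUTHORIZE_ENDPOINT = "https://auth.example.com/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://client.example.org/callback"


def build_authorization_url(scopes):
    """Return (url, state). The URL carries no user credentials, only the
    client's identity and the scopes the user will be asked to consent to."""
    state = secrets.token_urlsafe(32)  # binds the callback to this browser session
    params = {
        "response_type": "code",       # authorization code grant (RFC 6749, 4.1)
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scopes),     # space-delimited list of requested access
        "state": state,
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params), state


def handle_callback(callback_url, expected_state):
    """Return the authorization code, or raise if consent was refused or the
    state does not match (a forged or replayed callback)."""
    query = parse_qs(urlparse(callback_url).query)
    returned_state = query.get("state", [""])[0]
    # Constant-time comparison; reject before looking at anything else.
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback not tied to this session")
    if "error" in query:               # e.g. access_denied when the user says no
        raise PermissionError(query["error"][0])
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]
```

The returned code is then exchanged by the client's back end for an access token limited to the consented scopes; the client never sees the user's password.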

I hope this is clear so far. There is a lot more to understand, but the curiosity should remain, so we will dive deeper into this in subsequent articles.

Till then, Happy Learning! Do connect or follow me at LinkedIn, subscribe at YouTube/Facebook/Twitter!
