Capabilities

OAuth ("Open Authorization") is a delegated authorization framework for REST/APIs. It enables apps to obtain limited access (scopes) to a user’s data without giving away a user’s password. It decouples authentication from authorization and supports multiple use cases addressing different device capabilities. It supports server-to-server apps, browser-based apps, mobile/native apps, and consoles/TVs. You can think of this like hotel key cards, but for apps. If you have a hotel key card, you can get access to your room. How do you get a hotel key card? You have to do an authentication process at the front desk to get it. After authenticating and obtaining the key card, you can access resources across the hotel. To break it down simply, OAuth is where: - App requests authorization from User - User authorizes App and delivers proof - App presents proof of authorization to server to get a Token - Token is restricted to only access what the User authorized for the specific App