OAuth 2.0: Benefits and use cases — why?

Question

Could anyone explain what\'s good about OAuth2 and why we should implement it? I ask because I\'m a bit confused about it — here\'s my current thoughts:

OAuth1 (more

Answer 1

I would answer this question slightly differently, and I will be very precise and brief, mainly because @Peter T answered it all.

The main gain that I see from this standard is to respect two principles:

1. Separation of concerns.
2. Decoupling authentication from the web application, which usually serves business.

By doing so,

1. You can implement an alternative to Single SignOn: If you have multiple applications that trust one STS. What I mean, one username for all applications.
2. You can enable your web application (The client) to access resources that belong to the user and do not belong to the web application (The client).
3. You can mandate the authentication process to a third party that you trust , and never worry about user authenticity validation.