What exactly is OAuth (Open Authorization)?

深忆病人 2020-12-02 03:22

What exactly is OAuth (Open Authorization)?

I have gleaned some information from

  • OAuth
  • Twitter Tutorial: What is OAuth And What It Means To Y
9 answers
  •  甜味超标
    2020-12-02 04:00

    OAuth (Open Authorization) is an open standard protocol for access granting/delegation. It is used as a way for Internet users to grant websites or applications access to their information on other websites without giving them the passwords. It does not deal with authentication.

    Or

    OAuth 2.0 is a protocol that allows a user to grant limited access to their resources on one site, to another site, without having to expose their credentials.

    • Analogy 1: Many luxury cars today come with a valet key. It is a special key you give the parking attendant and, unlike your regular key, it will not allow the car to drive more than a mile or two. Some valet keys will not open the trunk, while others will block access to your onboard cell phone address book. Regardless of what restrictions the valet key imposes, the idea is very clever. You give someone limited access to your car with a special key, while using your regular key to unlock everything. (Source: auth0)

    • Analogy 2: Assume we want to fill in an application form for a bank account. Here OAuth works like this: instead of the applicant filling in the form, the bank can fill in the form using Aadhaar or passport.

      Here the following three entities are involved:

      1. Applicant, i.e. the Owner
      2. Bank Account is the OAuth Client; they need the information
      3. Aadhaar/Passport ID is the OAuth Provider
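
The three roles in the answer above (owner, client, provider), as an added example that is not part of the original answer or of any OAuth library: an in-memory simulation of the OAuth 2.0 authorization code grant, where the client never handles the owner's password and the token only opens the fields in its scope. All names, secrets and URLs are hypothetical, constructed sample values.

```python
import secrets

# Constructed sample data; every name and value below is hypothetical.
USERS = {"alice": "correct-horse"}  # password known only to owner and provider
CLIENTS = {"bank-app": {"secret": "s3cr3t", "redirect_uri": "https://bank.example/cb"}}
PROFILE = {"alice": {"name": "Alice", "id_number": "X123", "address": "1 Main St"}}

class Provider:
    """Authorization server plus resource server (the identity provider role)."""
    def __init__(self):
        self.codes, self.tokens = {}, {}

    def authorize(self, user, password, client_id, redirect_uri, scope):
        # The owner logs in at the provider itself; the client never sees this call.
        if user not in USERS or not secrets.compare_digest(USERS[user], password):
            raise PermissionError("bad credentials")
        if CLIENTS.get(client_id, {}).get("redirect_uri") != redirect_uri:
            raise PermissionError("unregistered redirect_uri")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (user, client_id, redirect_uri, frozenset(scope))
        return code  # handed to the client through the redirect

    def token(self, code, client_id, client_secret, redirect_uri):
        # The client proves its own identity, then redeems the one-time code.
        client = CLIENTS.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            raise PermissionError("bad client secret")
        grant = self.codes.pop(code, None)  # pop: a code can be redeemed once
        if grant is None or grant[1:3] != (client_id, redirect_uri):
            raise PermissionError("invalid grant")
        access_token = secrets.token_urlsafe(24)
        self.tokens[access_token] = (grant[0], grant[3])
        return access_token

    def resource(self, access_token, field):
        # The token acts as the valet key: only fields in the granted scope open.
        user, scope = self.tokens.get(access_token, (None, frozenset()))
        if user is None or field not in scope:
            raise PermissionError("insufficient scope")
        return PROFILE[user][field]

def run_flow(scope):
    """Walk the three steps; returns (provider, code, access_token)."""
    provider = Provider()
    redirect = CLIENTS["bank-app"]["redirect_uri"]
    code = provider.authorize("alice", "correct-horse", "bank-app", redirect, scope)
    token = provider.token(code, "bank-app", "s3cr3t", redirect)
    return provider, code, token
```

A real deployment adds TLS, a `state` parameter, PKCE and token expiry, none of which this simulation models.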
