
What is Open Authorization OAuth?

Understanding Open Authorization OAuth

The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. OAuth is an open standard for access delegation that allows users to grant third-party applications limited access to their resources without sharing credentials. It uses tokens rather than passwords, enabling secure third-party integration for websites and applications.

OAuth 2.0 is defined in RFC 6749 and related RFCs and is referenced in security frameworks like NIST SP 800-63. Organizations implement OAuth through identity providers, authorization servers, client registration, scope definition, and token management.

For example, a productivity application might implement OAuth to allow users to access their cloud storage files without requiring users to share their cloud storage credentials directly with the application; instead, the application receives limited-scope tokens that grant only the necessary permissions.

Related terms: Authentication, Authorization, Federation, Single sign-on, Access token, Identity provider, OpenID Connect, JWT.
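The productivity-application scenario above, as an added example that is not part of the original page: an in-memory simulation of the RFC 6749 authorization code grant in which the resource owner approves a scoped request, the application trades a one-time code for a token, and the storage service enforces the token's scope. The client id, redirect URI, scope strings and function names are hypothetical, and a public client is assumed, so client authentication is left out.

```python
import secrets
import time

# Constructed stand-ins for an authorization server and a cloud storage
# resource server; every name and scope string here is hypothetical.
CODES, TOKENS = {}, {}
REGISTERED = {"productivity-app": "https://app.example/callback"}

def authorize(client_id, redirect_uri, scope, owner_approves):
    """Authorization endpoint: the resource owner approves a scoped request."""
    if REGISTERED.get(client_id) != redirect_uri:
        raise PermissionError("unregistered client or redirect_uri")
    if not owner_approves:
        raise PermissionError("access_denied")
    code = secrets.token_urlsafe(16)
    CODES[code] = (client_id, redirect_uri, frozenset(scope.split()))
    return code

def exchange(code, client_id, redirect_uri):
    """Token endpoint: a one-time code is traded for a short-lived token."""
    grant = CODES.pop(code, None)  # pop makes the code single-use
    if grant is None or grant[:2] != (client_id, redirect_uri):
        raise PermissionError("invalid_grant")
    token = secrets.token_urlsafe(32)
    TOKENS[token] = {"scope": grant[2], "exp": time.time() + 300}
    return token

def storage_api(token, action):
    """Resource server: checks expiry and scope; it never sees a password."""
    info = TOKENS.get(token)
    if info is None or info["exp"] < time.time():
        return 401
    required = {"list": "files.read", "delete": "files.write"}[action]
    return 200 if required in info["scope"] else 403

def demo():
    cb = REGISTERED["productivity-app"]
    code = authorize("productivity-app", cb, "files.read", owner_approves=True)
    token = exchange(code, "productivity-app", cb)
    try:
        exchange(code, "productivity-app", cb)  # replaying the code must fail
        replay_rejected = False
    except PermissionError:
        replay_rejected = True
    return storage_api(token, "list"), storage_api(token, "delete"), replay_rejected

if __name__ == "__main__":
    print(demo())
```

The token granted for `files.read` lists files but is refused for deletion, which is the limited-scope behaviour the definition describes.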
