Open Authorization (OAuth)
What is Open Authorization (OAuth)?
OAuth is an authorization framework that allows one application to access specific resources on behalf of a user without exposing the user's password to that application.
Examples
- A user allows a calendar app to read event information from their cloud email account without giving the app the email password.
- A social media management tool receives permission to post on a user's behalf through an OAuth flow instead of storing the user's login credentials.
Discover 🔎
Many modern apps need to work together. A scheduling tool may want access to a calendar service, a document platform may need permission to connect to cloud storage, and a business dashboard may need to pull data from another system’s API. The security problem is obvious: how can one application access another service without asking the user to hand over their password directly?
OAuth exists to solve that problem. Instead of sharing credentials, the user can approve limited access and the application receives a token that represents that permission. This makes OAuth one of the most important frameworks behind secure app-to-app access on the modern web.
Summary 📝
OAuth is a framework for delegated authorization that allows an application to access specific resources on behalf of a user without receiving the user’s password. Its main value is that it replaces broad credential sharing with limited, token-based access. In modern apps and APIs, OAuth is one of the core ways systems connect securely while keeping permissions more controlled and easier to revoke.