Oauth 2

Oauth 2 is a single-sign-on standard, also known as: Open Authorization.

The Oauth 2 documentation is managed by Internet Engineering Task Force (IETF), and was last updated in 2012.

OAuth 2.0 is a security framework that allows an application to access a user’s information from another service (like Google, Facebook, or Spotify) without ever getting their password.

Imagine you want to use a new learning tool that needs to access your name from your corporate user management system. You don’t want to give the app your corporate password because then it could access your email, documents, and everything else.

Instead, OAuth 2.0 lets you give the learning tool a special, limited-access token. Here’s how it works:

1. Requesting Permission: The learning tool says, “Hey, can I get access to your name?”
2. Redirect to the Service: Your user management system sends you (the user) to a corporate login page. You log in directly with your corporate system, so the external tool never sees your password.
3. Granting Permission: The corporate systems asks you, “This app wants to access your name. Is that okay?” You click “Yes” or “Allow.”
4. Issuing a Token: After you approve, your corporate system gives the learning tool a special access token. This token only works for your name, and only for a limited time.
5. Accessing Data: The external tool uses this token to access your name from the corporate system. If the tool tries to access your email, the token won’t work.

The whole process is about delegating authority. You are the owner of the data, and you’re giving a third-party tool permission to use some of that data on your behalf, without ever compromising your primary password.