OAuth - a Starter for Ten

A very basic intro for complete beginners. Part of the Starter for Ten series.

So what is OAuth?

OAuth allows you to share information between different websites or apps, without giving away your password.

It's what allows you to post an Instagram photo to Facebook too, without giving Facebook your Instagram username and password, for example. First, Facebook would ask your permission to access your Instagram account (you've probably seen a similar popup asking you to approve); Facebook then receives an access token for that single Instagram photo. Facebook then goes to Instagram and says 'please can I have this photo, the user has given me permission, here's my token to prove it'. Instagram verifies the token and gives Facebook access to the photo. (Credit to Zach Cabading for this real-life example.)

It all happens in the background: once you've approved the popup message, you, as a user, often don't see the OAuth process taking place at all.

What is an access token?

Instead of using passwords, OAuth uses 'access tokens'. They can be set to expire after a short time, or last a long time.

"An access token gives one third-party source temporary access to a limited amount of your personal information on another third-party source" (Zach Cabading HP Tech Takes).

What does an access token look like?

OAuth doesn't specify what a token should look like. In practice, people usually use JSON Web Tokens (JWT), which is a recognised standard.
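To make the Instagram/Facebook exchange above and the JWT format concrete, here is an added example (not code from the original post) in which an "authorization server" mints a short-lived, scope-limited JWT after the user approves, and a "resource server" verifies the signature, issuer, audience, expiry and scope before handing over the photo. It assumes HS256 with a shared secret and the made-up issuer/audience URLs shown in the code; real deployments normally use asymmetric keys and a vetted JWT library rather than hand-rolled checks.

```python
import base64
import hashlib
import hmac
import json

# Constructed for this example: a shared secret known to both the
# authorization server and the resource server. Never hard-code one.
SIGNING_KEY = b"example-signing-key-for-demo-only"
ISSUER = "https://instagram.example"    # hypothetical token issuer
AUDIENCE = "https://facebook.example"   # hypothetical client the token is for


def _b64url(data: bytes) -> str:
    # JWT uses unpadded base64url encoding for each segment.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def issue_access_token(user: str, scope: str, lifetime_s: int, now: int) -> str:
    """Authorization server side: after the consent popup is approved,
    mint an HS256 JWT that grants only `scope` and expires after `lifetime_s`."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {
        "iss": ISSUER,
        "aud": AUDIENCE,
        "sub": user,
        "scope": scope,
        "iat": now,
        "exp": now + lifetime_s,
    }
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_access_token(token: str, required_scope: str, now: int) -> dict:
    """Resource server side: validate the token before releasing anything.
    Raises ValueError with a short reason on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the expected algorithm instead of trusting whatever `alg` says.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(
        SIGNING_KEY, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256
    ).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise ValueError("wrong issuer or audience")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    granted = set(claims.get("scope", "").split())
    if required_scope not in granted:
        raise ValueError("insufficient scope")
    return claims


def fetch_photo(token: str, photo_id: str, now: int) -> str:
    """Resource server: 'please can I have this photo, here's my token'."""
    claims = verify_access_token(token, "photo:read", now)
    return f"photo {photo_id} of {claims['sub']}"


if __name__ == "__main__":
    now = 1_700_000_000
    token = issue_access_token("alice", "photo:read", 600, now)
    print(token)                              # header.payload.signature
    print(fetch_photo(token, "42", now))      # photo 42 of alice
```

Everything the resource server needs is inside the token, so no password ever leaves Instagram; the scope claim limits Facebook to reading photos, and the `exp` claim is what makes the token "expire after a short time" as described above.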

What else do I need to know?

There are two versions: OAuth 1.0 and the newer OAuth 2.0, which is much more widely used.

Find out more:

https://www.hp.com/us-en/shop/tech-takes/what-is-oauth#:~:text=OAuth%2C%20which%20stands%20for%20%E2%80%9COpen,to%20give%20away%20your%20password.

https://developer.okta.com/blog/2017/06/21/what-the-heck-is-oauth

https://stormpath.com/blog/beginners-guide-jwts-in-java