What is OAuth 2?
OAuth 2.0 is OAuth...
OAuth 2 is OAuth just like Java 8 is Java at the end of the day.
OAuth 2.0 is a framework for securely accessing user info without requiring the username/password.
better than OAuth 1....
OAuth 2.0 is a complete rewrite of the OAuth 1.0 protocol...
The OAuth 1.0 protocol was established with the advent of social media when users wanted to share pictures/contacts/info from one site to another.
While applications could always just get a user's credentials to access their information from another site, this presented many security vulnerabilities. Not only would the application have unlimited access to a user's (Facebook) account, it could also drop the ball on securely storing the user's sensitive information. Regardless of intent, an application requesting a user's credentials for another site was a big no-no.
This led to the OAuth protocol, which is characterized by obtaining limited, authorized access to a user's account. Applications can access a user's information from another site in a secure fashion without the user's credentials being revealed.
While OAuth 1.0 achieved this goal, it had several pitfalls that led to the development of OAuth 2.0.
OAuth 2.0 solved many of the issues experienced with OAuth 1.0, including by offering a more diverse group of "flows" (grant types) and by requiring less cryptographic effort from developers.
When people talk about OAuth in 2023, they are talking about OAuth 2.0.