What is OAuth 2?

Your thoughts?


OAuth 2.0 is a complete rewrite of the OAuth 1.0 protocol...

The OAuth 1.0 protocol was established with the advent of social media when users wanted to share pictures/contacts/info from one site to another.

While applications could always just get a user's credentials to access their information from another site, this presented many security vulnerabilities. Not only would the application have unlimited access to a user's (Facebook) account, they could also drop the ball on securely storing the user's sensitive information. Regardless of intent, an application requesting a user's credentials for another site was a big no no.

This led to the OAuth protocol characterized by obtaining limited authorized access to a user's account. Without revealing the user's credentials, applications can access a user's information from another site in a secure fashion.

While OAuth 1.0 achieved this goal, it had several pitfalls that led to the development of OAuth 2.0.

OAuth 2.0 solved a lot of the issues experienced with OAuth 1.0, including offering a more diverse group of "flows" or grant types and not requiring cryptographic efforts from developers as much.

When people talk about OAuth in 2023, they are talking about OAuth 2.0.


OAuth 2.0 is OAuth...


OAuth 2 is OAuth just like Java 8 is Java at the end of the day.


OAuth 2.0 is a framework for securely accessing user info without requiring the username/password.


better than OAuth 1....