Contributor(s): Stephanie Mann

OAuth (Open Authorization) is an open standard for token-based authentication and authorization on the Internet.

OAuth, which is pronounced "oh-auth," allows an end user's account information to be used by third-party services, such as Facebook, without exposing the user's password. OAuth acts as an intermediary on behalf of the end user, providing the service with an access token that authorizes specific account information to be shared. The process for obtaining the token is called a flow.

OAuth, which was first released in 2007, was conceived as an authentication method for the Twitter application program interface (API). In 2010, the IETF OAuth Working Group published OAuth 2.0. Like the original OAuth, OAuth 2.0 lets users grant third parties access to web resources without sharing a password. Updated features available in OAuth 2.0 include new flows, simplified signatures and short-lived tokens with long-lived authorizations.
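The token mechanics described above, as an added example that is not part of the original article or taken from any OAuth library: a constructed in-memory model in which a user's approval yields a short-lived access token limited to specific account fields, plus a long-lived authorization used to obtain fresh tokens. The class and method names and the 300-second lifetime are assumptions for illustration; "scopes" and "refresh tokens" are the OAuth 2.0 terms for these ideas, which the article does not name.

```python
import secrets

class AuthorizationServer:
    """Constructed in-memory model for illustration; not a real OAuth library."""
    ACCESS_TTL = 300  # assumed access-token lifetime in seconds

    def __init__(self):
        self.grants = {}  # refresh token -> (user, client_id, scopes): long-lived authorization
        self.access = {}  # access token -> (user, scopes, expires_at): short-lived token

    def authorize(self, user, client_id, scopes, now):
        # The user approves specific scopes here; the client never sees a password.
        refresh = secrets.token_urlsafe(32)
        self.grants[refresh] = (user, client_id, frozenset(scopes))
        return self._issue(refresh, now), refresh

    def refresh(self, refresh_token, now):
        if refresh_token not in self.grants:
            raise PermissionError("authorization revoked or unknown")
        return self._issue(refresh_token, now)

    def revoke(self, refresh_token):
        # Already-issued access tokens stay valid until they expire, hence the short TTL.
        self.grants.pop(refresh_token, None)

    def _issue(self, refresh_token, now):
        user, _client, scopes = self.grants[refresh_token]
        token = secrets.token_urlsafe(32)
        self.access[token] = (user, scopes, now + self.ACCESS_TTL)
        return token

    def introspect(self, token, now):
        user, scopes, expires_at = self.access.get(token, (None, frozenset(), 0))
        return (user, scopes) if user is not None and now < expires_at else None

class ResourceServer:
    def __init__(self, auth_server, accounts):
        self.auth, self.accounts = auth_server, accounts

    def get(self, token, field, now):
        info = self.auth.introspect(token, now)
        if info is None:
            raise PermissionError("invalid or expired token")
        user, scopes = info
        if field not in scopes:
            raise PermissionError("token not authorized for " + field)
        return self.accounts[user][field]
```

Calling `authorize` for one field, then `get` for a different field or after the lifetime has passed, raises `PermissionError`; `refresh` keeps working until `revoke` removes the authorization.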


See also: OpenID, single sign-on

This was last updated in June 2012


Join the conversation



If you need an Oath token for Azure or Office 365 you might want to consider using Deepnets SafeID.
OAuth is not for Authentication. The first line of the article itself is wrong.

