OAuth is a protocol that defines flows for exchanging authorization and authentication information between a range of web-enabled applications and services. It enables third-party applications to get restricted access to user information from a service such as Facebook, Twitter, or GitHub.
Before we get into the details, it would be useful to review the terminology typically used with respect to OAuth 2 authentication.
Let's consider an example: suppose we want to expose the Todo API to third-party applications on the internet.
The following are the important players in a typical OAuth 2 exchange:
- Resource owner: This is the user of the third-party application that wants to use our Todo API. It decides ...