Once a consumer has been identified, service providers can decide which interactions are allowed. This is known as authorization. Authorization is often based on a username and password combination; successfully logging in to a system grants access to some of the functions and data managed by that system. In the enterprise environment, this has worked relatively well because usernames and passwords are often managed centrally in directory services.
Authentication determines who is interacting with a service, while authorization determines what a consumer can do with the resources a service exposes.
It’s not always possible or desirable, however, to centralize and share credentials in the traditional way. When third parties provide services to the enterprise, for example, sharing usernames is normally undesirable and impractical, if not downright impossible. This is where OAuth steps in. The OAuth protocol enables services and applications to interact with resources hosted securely in third-party services, without requiring the owners of those resources to share their credentials.
At Restbucks, we understand that our busy customers don’t always have access to cash or cards when they really need their coffee. To solve this problem, Restbucks has partnered with a coffee voucher provider. This third-party provider allows customers to buy and manage vouchers that can be used to pay for coffee at Restbucks.
Importantly, Restbucks ...