What is OAuth?

OAuth is an open standard that lets apps access resources on your behalf without ever seeing your password.

OAuth is an open standard for delegated authorization. It lets you grant one app limited access to your data on another service — without giving away your password. It's what powers "Sign in with Google" and "Connect your GitHub account."

How It Works:

  1. You click "Sign in with X" on an app. Your browser is sent to X's authorization endpoint with the app's client id, the scopes it wants, its registered redirect URI and a random state value
  2. You log in at X (your password goes only to X) and approve the requested access
  3. X redirects your browser back to the app's registered redirect URI carrying a short-lived, single-use authorization code and the same state value, which the app checks against the login it started
  4. The app exchanges that code for an access token in a direct request to X's token endpoint, not through the browser. Public clients such as mobile and single-page apps also send a PKCE code verifier here, so a code intercepted on the way back is useless without it
  5. The app uses the token to call X's API on your behalf
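The five steps above as a runnable illustration, added here rather than taken from the original page: a toy client app and a toy authorization server in one process, with the two checks a practitioner expects, a state value that ties the callback to the login the app started, and PKCE that binds the code to the client that requested it. The client id "demo-app", the redirect URI https://app.example/callback and the scope names read:profile and write:profile are made up for the example; real parties talk over HTTPS and the redirects pass through the user's browser.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse


def b64url(data):
    """Base64url without padding, the encoding PKCE specifies."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_pkce_pair():
    """Return (code_verifier, code_challenge) using the S256 method (RFC 7636)."""
    verifier = b64url(secrets.token_bytes(32))
    return verifier, b64url(hashlib.sha256(verifier.encode()).digest())


class AuthorizationServer:      # toy authorization server for X; resource() plays X's API
    def __init__(self, clients):
        self.clients = clients              # client_id -> registered redirect_uri
        self.codes, self.tokens = {}, {}    # one-time codes; access token -> granted scope

    def authorize(self, params):
        """Steps 2-3: the user has logged in and approved; redirect back with a code.
        state is returned unchanged so the client can match the reply to its request."""
        if self.clients.get(params["client_id"]) != params["redirect_uri"]:
            raise PermissionError("redirect_uri does not match registration")
        code = secrets.token_urlsafe(24)    # a real server also expires this within minutes
        self.codes[code] = {"client_id": params["client_id"], "scope": params["scope"],
                            "redirect_uri": params["redirect_uri"],
                            "challenge": params["code_challenge"]}
        return params["redirect_uri"] + "?" + urlencode({"code": code, "state": params["state"]})

    def token(self, client_id, code, redirect_uri, code_verifier):
        """Step 4: swap a one-time code plus its PKCE verifier for an access token."""
        rec = self.codes.pop(code, None)                # pop: a code is single-use
        if rec is None:
            raise PermissionError("unknown or already used code")
        if (rec["client_id"], rec["redirect_uri"]) != (client_id, redirect_uri):
            raise PermissionError("code was issued to a different client")
        expected = b64url(hashlib.sha256(code_verifier.encode()).digest())
        if not secrets.compare_digest(expected, rec["challenge"]):
            raise PermissionError("PKCE verifier does not match challenge")
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = rec["scope"]
        return {"access_token": access_token, "token_type": "Bearer",
                "expires_in": 3600, "scope": rec["scope"]}

    def resource(self, access_token, needed_scope):
        """Step 5: the API checks the bearer token and its scope before answering."""
        granted = self.tokens.get(access_token, "")
        if needed_scope not in granted.split():
            raise PermissionError("unknown token or insufficient scope")
        return "user data"


class ClientApp:                # the app asking for access; it never sees the password
    def __init__(self, client_id, redirect_uri):
        self.client_id, self.redirect_uri, self.pending = client_id, redirect_uri, {}

    def start_login(self, scope):
        """Step 1: build the authorization request behind the 'Sign in with X' link."""
        state = secrets.token_urlsafe(16)
        verifier, challenge = make_pkce_pair()
        self.pending[state] = verifier      # remembered per in-flight login
        return {"response_type": "code", "client_id": self.client_id,
                "redirect_uri": self.redirect_uri, "scope": scope, "state": state,
                "code_challenge": challenge, "code_challenge_method": "S256"}

    def handle_callback(self, server, url):
        """Steps 3-4: verify state, then exchange the code at the token endpoint."""
        q = parse_qs(urlparse(url).query)
        verifier = self.pending.pop(q.get("state", [""])[0], None)
        if verifier is None:
            raise PermissionError("unknown state: not a login this app started")
        return server.token(self.client_id, q["code"][0], self.redirect_uri, verifier)


def rejected(fn, *args):
    try:
        fn(*args)
    except PermissionError:
        return True
    return False


def demo():
    """Happy path, plus the misuse cases the checks above exist to refuse."""
    server = AuthorizationServer({"demo-app": "https://app.example/callback"})
    app = ClientApp("demo-app", "https://app.example/callback")
    req = app.start_login("read:profile")
    callback = server.authorize(req)        # the user logs in at X and approves
    forged = callback.replace(req["state"], "attacker-chosen")   # constructed attack input
    bad_state = rejected(app.handle_callback, server, forged)
    token = app.handle_callback(server, callback)
    code = parse_qs(urlparse(callback).query)["code"][0]
    return {"token_type": token["token_type"], "scope": token["scope"],
            "data": server.resource(token["access_token"], "read:profile"),
            "bad_state_rejected": bad_state,
            "replay_rejected": rejected(server.token, "demo-app", code, app.redirect_uri, "x"),
            "scope_enforced": rejected(server.resource, token["access_token"], "write:profile")}
```

Calling demo() runs the exchange once and reports that a callback with a state the app never issued, a second use of the same code, and a call outside the granted scope are all refused. The constant-time compare on the PKCE challenge and the pop-on-use of codes are the two details most often missing from hand-rolled servers.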

Key Concepts:

  • Resource owner: You, the user
  • Client: The app requesting access
  • Authorization server: Authenticates you and issues tokens (e.g. Google's account service)
  • Resource server: The API that accepts the token and serves your data
  • Access token: Short-lived credential granting the approved scopes; it is usually a bearer token, so anyone holding it can use it and it must stay out of URLs and logs
  • Scopes: The specific permissions requested, such as read-only access to your profile

Why It's Better Than Passwords:

  • The app never sees your password, so a breach of the app does not expose it
  • Access is limited to the specific scopes you approved, not everything your account can do
  • You can revoke the app's access at any time without changing your password
  • Tokens expire on their own, so a leaked token is useful only for a limited time

FAQ

Is OAuth the same as authentication?

Not quite. OAuth is about authorization (what an app can access); an access token on its own tells the app nothing reliable about who you are. "Sign in with X" adds authentication via OpenID Connect, a layer built on top of OAuth that returns a signed ID token identifying the user alongside the access token.

What's the difference between OAuth 2.0 and OAuth 1.0?

OAuth 2.0 is the modern, widely used version. OAuth 1.0 required every API request to be cryptographically signed with the client's secret; 2.0 dropped request signing in favour of bearer tokens sent over HTTPS, which is simpler for developers but means the flow's security rests on TLS and on keeping tokens secret. OAuth 2.0 also defines several flows (authorization code, client credentials, device code, among others) for different app types.
