OAuth

(also Open Authorization)

OAuth definition

OAuth (Open Authorization) is an authorization protocol that allows users to grant third-party applications access to their resources on another website without sharing their login details. Websites and apps use OAuth to enable users to access services without creating a new account for each platform. A common example is a user logging in to various sites with their Apple, Facebook, or Google account.

See also: authentication server

How OAuth works

  • The user wants to grant a third-party website or app access to their resources (e.g., profile) on another website or app.
  • The third-party platform sends an OAuth request asking for permissions from the website or app that holds the user’s resources.
  • The website or app that holds the resources prompts the user to grant permission to the third-party application.
  • If the user grants permission, the website or app that holds the user’s resources sends an OAuth access token to the third-party platform. This unique token allows the third-party platform to access the resources.
  • The third-party platform can access specific resources the user has granted permission for on the website that holds the resources. The user can revoke access at any time.
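
The steps above, as an added example that is not part of the original page: a simplified in-memory model of the site that holds the resources, showing that the token is issued only on consent, is limited to the granted permissions, and stops working once revoked. It is not the OAuth wire protocol; the class, method names and sample data are assumptions made for illustration.

```python
import secrets

class ResourceHolder:
    """Simplified model of the site that holds the user's resources."""
    def __init__(self, resources):
        self._resources = resources   # {user: {scope: data}}
        self._tokens = {}             # token -> (user, client, granted scopes)

    def authorize(self, user, client, scopes, user_approves):
        """Handle the third party's request; issue a token only on user consent."""
        if not user_approves:
            return None
        token = secrets.token_urlsafe(32)  # opaque, unguessable value
        self._tokens[token] = (user, client, frozenset(scopes))
        return token

    def access(self, token, scope):
        """Serve a resource only if the token is live and covers that scope."""
        grant = self._tokens.get(token)
        if grant is None:
            raise PermissionError("unknown or revoked token")
        user, _client, scopes = grant
        if scope not in scopes:
            raise PermissionError(f"scope {scope!r} was not granted")
        return self._resources[user][scope]

    def revoke(self, user, client):
        """User withdraws access: drop every token issued to that client."""
        doomed = [t for t, (u, c, _) in self._tokens.items() if (u, c) == (user, client)]
        for t in doomed:
            del self._tokens[t]
        return len(doomed)

def outcome(holder, token, scope):  # the resource, or "blocked" if refused
    try:
        return holder.access(token, scope)
    except PermissionError:
        return "blocked"

def demo():
    # Constructed sample data; "photo-app" is a hypothetical third-party client.
    holder = ResourceHolder({"alice": {"profile": {"name": "Alice"}, "contacts": ["bob"]}})
    refused = holder.authorize("alice", "photo-app", ["profile"], user_approves=False)
    token = holder.authorize("alice", "photo-app", ["profile"], user_approves=True)
    before = (outcome(holder, token, "profile"), outcome(holder, token, "contacts"))
    revoked = holder.revoke("alice", "photo-app")
    return refused, before, revoked, outcome(holder, token, "profile")

if __name__ == "__main__":
    print(demo())
```

The third-party client never sees the user's password at any point; it only ever holds the token.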

OAuth examples

  • Sign in with Apple. Users can access various third-party applications using their Apple ID.
  • Sign in with Google. Google allows users to log in to third-party apps and services using their Google account.
  • Sign in with Facebook. Facebook also allows users to log in to third-party applications with their Facebook account.
  • Twitter. Twitter uses OAuth to allow third-party apps (like Tweetbot and Twitterrific) to access a user’s Twitter account and post on their behalf.
  • Dropbox. Dropbox users can connect to third-party apps with their Dropbox account without sharing their login credentials.