OAuth is an open standard for authorization that was initially proposed as an alternative to the basic authentication pattern that we examined in the previous section.
OAuth was designed to solve the following problem: let's assume that we have two services, A and B, which are typically unrelated to each other. As end users of service A, we wish to grant it access to some of our personal data that is hosted by service B. However, we want to avoid having to divulge our service B credentials to service A just so that it can access service B on our behalf.
Common use cases for OAuth are as follows:
- Using a third-party service as a single sign-on (SSO) provider instead of creating individual accounts for ...