Dictionary

OAuth

OAuth is an industry-standard authorization protocol that enables users to grant third-party applications limited access to their accounts on other services without sharing their passwords. When you log into a website using your Google or GitHub account, OAuth is the protocol handling that exchange. The application receives a token with specific permissions rather than the user's actual credentials.

The protocol works through a redirect-based flow (the authorization code flow): the user is sent to the service provider, authenticates directly with that provider, and is then redirected back to the application with a short-lived authorization code. The application exchanges this code, out of band from the browser, for access tokens that can make API requests on the user's behalf. Scopes define exactly what the application can access, and tokens can be revoked without changing the user's password.

For web developers, OAuth is essential for implementing social login, accessing third-party APIs like Google Calendar or GitHub repositories, and building integrations between services. OAuth 2.0 is the current standard, with OpenID Connect built on top of it for authentication specifically. Implementing OAuth correctly requires careful handling of redirect URIs, state parameters for CSRF protection, token storage, and refresh token rotation to maintain security throughout the authorization lifecycle.
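As an added example that is not part of this dictionary entry, the client side of the authorization code flow described above in Python, showing where the redirect URI, scopes and anti-CSRF state parameter fit. The provider URL, client id, redirect URI and scope names are constructed placeholders, and the session is a plain dict standing in for a server-side session store.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholder values; a real client gets these from the provider.
AUTHORIZE_URL = "https://provider.example/oauth/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example/callback"
SCOPES = ["read:user", "repo"]

def begin_authorization(session):
    """Step 1: build the URL the user is redirected to at the provider.
    An unguessable `state` is kept in the user's server-side session so the
    callback can be tied to this login attempt (the CSRF protection the entry
    mentions); `scope` limits what the resulting token may do."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(SCOPES),
        "state": state,
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"

def handle_callback(session, callback_url):
    """Step 2: validate the redirect back from the provider, return the code.
    The stored state is consumed so a callback cannot be replayed, and is
    compared in constant time; any mismatch, provider error, or missing code
    raises ValueError instead of continuing the flow."""
    query = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)
    received = query.get("state", [None])[0]
    ok = expected and received and secrets.compare_digest(expected.encode(), received.encode())
    if not ok:
        raise ValueError("state mismatch: possible CSRF or stale login attempt")
    if "error" in query:
        raise ValueError(f"provider denied authorization: {query['error'][0]}")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("callback carried no authorization code")
    return code

def token_request(code):
    """Step 3: body of the code-for-token exchange. The client POSTs this, with
    its client secret, to the provider's token endpoint over TLS; the provider
    checks that redirect_uri matches the one used in step 1."""
    return {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID}
```

The returned access token (and any refresh token) then needs the storage and rotation handling the entry mentions; that part is provider-specific and not shown here.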