What Is OAuth?
4 days ago
- #Authentication
- #OAuth
- #Delegation
- OAuth's core idea is simple: a standard way to delegate authentication with consent.
- OpenID Connect (OIDC) builds on OAuth for sign-in, functioning like 'magic link' authentication.
- Historical context: Twitter needed a way to support OpenID without passwords for desktop clients.
- OAuth emerged as a standard to replace insecure, custom solutions for delegated auth.
- OAuth has two main parts: obtaining a multi-use secret with the user's consent, and presenting that secret on subsequent requests.
- OAuth standards are more of a framework than a rigid specification, similar to HTML.
- OIDC was later recognized as something that could be composed from OAuth pieces, though formalizing it took years.
- Authentication and authorization are deeply tied to UX and system architecture.
- Understanding the 'why' behind OAuth is key to navigating its complexity.
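The "two parts" bullet above, as an added example that is not part of the original post: a small in-memory simulation of the authorization-code flow (with PKCE), where consent yields a single-use code, the code is traded for a multi-use access token, and a resource server checks that token on each later request. Client name, redirect URI, scope string and the `notes` resource are constructed assumptions.

```python
import base64
import hashlib
import secrets
import time

# Constructed in-memory state for a simulated authorization server (example only).
REGISTERED_CLIENTS = {"notes-app": "https://notes.example/callback"}
_pending_codes = {}   # code -> (client_id, scope, user, code_challenge)
_access_tokens = {}   # token -> (user, scope, expires_at)

def _s256(verifier: str) -> str:
    """PKCE S256 transform: base64url(SHA-256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def make_pkce_pair():
    """Client side: a fresh verifier and the challenge sent with the authorization request."""
    verifier = secrets.token_urlsafe(32)
    return verifier, _s256(verifier)

def authorize(user, client_id, redirect_uri, scope, code_challenge, consent):
    """Step 1 (consent): the user approves the client; the server issues a single-use code."""
    if REGISTERED_CLIENTS.get(client_id) != redirect_uri:
        raise ValueError("unknown client or redirect_uri mismatch")
    if not consent:
        return None  # no consent, no code: the delegation never happens
    code = secrets.token_urlsafe(16)
    _pending_codes[code] = (client_id, scope, user, code_challenge)
    return code

def exchange_code(code, client_id, code_verifier):
    """Step 2: the client trades the code for the multi-use secret (access token)."""
    entry = _pending_codes.pop(code, None)  # pop makes the code single-use
    if entry is None or entry[0] != client_id:
        raise PermissionError("invalid, expired or reused code")
    if not secrets.compare_digest(_s256(code_verifier), entry[3]):
        raise PermissionError("PKCE verification failed")
    token = secrets.token_urlsafe(32)
    _access_tokens[token] = (entry[2], entry[1], time.time() + 3600)
    return token

def read_notes(bearer_token, required_scope="notes:read"):
    """Step 3: a resource server checks the token on every subsequent request."""
    entry = _access_tokens.get(bearer_token)
    if entry is None or time.time() > entry[2] or required_scope not in entry[1].split():
        raise PermissionError("invalid token, expired token or insufficient scope")
    return f"notes for {entry[0]}"
```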