What is OAuth 2.0?

OAuth 2.0 is a secure authorization framework allowing apps to access resources without sharing passwords.

Explain Like I'm 5

Imagine you're going to a concert with a special wristband that lets you into certain areas, like backstage, without needing to show your ID each time. OAuth 2.0 is like that wristband for the internet. It lets you use different apps by logging in with something like your Google account, without giving out your actual password to each app.

Instead of giving every app your main password, OAuth 2.0 gives them a temporary pass. This keeps your main password safe, just like you wouldn't give everyone the key to your house, only a guest pass. This way, you can safely use multiple services without logging in over and over.

Technical Definition

Definition

OAuth 2.0 is an open standard authorization framework that allows third-party applications to gain limited access to user accounts on an HTTP service, such as Facebook, GitHub, or Google, without exposing the user's password.

How It Works

  1. Request: A third-party application asks to access the HTTP service on the user's behalf.
  2. Authorization: The user authenticates and permits the service to issue an access token.
  3. Token Issuance: The service provides an access token to the third-party application.
  4. Access: The application uses this token to access the user's data on the service.
  5. Expiration: The token expires after a set time, ensuring limited access.

Key Characteristics

  • Token-based: Utilizes tokens instead of user credentials.
  • Scope-defined: Access can be restricted to specific resources.
  • Time-constrained: Tokens have expiration times to limit their validity.
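The five steps above and the three characteristics they rely on (token instead of credentials, scope, expiry) as an added, self-contained Python simulation; this is illustration code written for this page, not part of any OAuth library, and the user "alice", the scope names "profile:read" / "email:read", and the 60-second lifetime are constructed values.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessToken:
    user: str
    scope: frozenset      # what the user actually granted, e.g. {"profile:read"}
    expires_at: float     # absolute time after which the token is dead


class AuthorizationServer:
    # `now` is injectable so token expiry can be exercised without sleeping.
    def __init__(self, lifetime=3600, now=time.time):
        self.lifetime = lifetime
        self.now = now
        self._tokens = {}  # opaque token string -> AccessToken

    def authorize(self, user, requested_scope, consented):
        # Steps 1-3: the app requests a scope; the user authenticates here (never
        # at the app) and consents; the server mints an unguessable bearer token
        # bound to the granted scope and a fixed lifetime.
        if not consented:
            return None  # access denied: the app receives neither password nor token
        value = secrets.token_urlsafe(32)
        self._tokens[value] = AccessToken(
            user, frozenset(requested_scope), self.now() + self.lifetime)
        return value

    def validate(self, value):
        # Step 5: an unknown, revoked or expired token is rejected and forgotten.
        tok = self._tokens.get(value)
        if tok is None or self.now() >= tok.expires_at:
            self._tokens.pop(value, None)
            return None
        return tok

    def revoke(self, value):
        self._tokens.pop(value, None)


REQUIRED_SCOPE = {"profile": "profile:read", "email": "email:read"}
PROFILES = {"alice": {"profile": {"name": "Alice"}, "email": "alice@example.com"}}  # constructed


def resource_server(auth, bearer, resource):
    # Step 4: the app presents only the token. Validity is checked first, then
    # that the granted scope covers the requested resource (hypothetical API).
    tok = auth.validate(bearer)
    if tok is None:
        return 401, "invalid_token"
    if REQUIRED_SCOPE[resource] not in tok.scope:
        return 403, "insufficient_scope"
    return 200, PROFILES[tok.user][resource]
```

A token scoped to `profile:read` can fetch the profile but not the e-mail address, and the same token is refused once the clock passes its expiry or it has been revoked.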

Comparison

Feature            OAuth 2.0   Basic Auth   API Key
Token-based        Yes         No           No
Password storage   No          Yes          No
Scope control      Yes         No           Limited

Real-World Example

When you log into Spotify using your Facebook account, Spotify employs OAuth 2.0 to access your Facebook profile without knowing your Facebook password.

Best Practices

  • Always use HTTPS to encrypt tokens during transmission.
  • Regularly review and revoke unused access tokens.
  • Define narrow scopes for access tokens to limit exposure.

Common Misconceptions

  • OAuth 2.0 is not the same as OpenID Connect, though the two are often used together: OpenID Connect for authentication and OAuth 2.0 for authorization.
  • OAuth 2.0 does not handle authentication; it only manages authorization.
  • Tokens are not inherently secure; they require proper handling and storage to remain secure.
