
If you’ve ever used a “Sign In With Facebook” button, or given a third-party app access to your Twitter account, you’ve used OAuth. It’s also used by Google, Microsoft, and LinkedIn, as well as many other account providers. Essentially, OAuth allows you to grant a website access to some information about your account without giving it your actual account password.
OAuth for Signing In

OAuth has two main purposes on the web at the moment. Often, it’s used for creating an account and signing into an online service more conveniently. For example, rather than create a new username and password for Spotify, you can click or tap “Sign In With Facebook”. The service checks to see who you are on Facebook and creates a new account for you. When you sign into that service in the future, it sees that you’re signed in with the same Facebook account and gives you access to your account. You don’t need to set up a new account or anything—Facebook authenticates you instead.
This is very different from simply giving the service your Facebook account password, however. The service never gets your Facebook account password or full access to your account. It can only view a few limited personal details, like your name and email address. It can’t view your private messages or post on your Timeline.
Those “Sign In With Twitter”, “Sign In With Google”, “Sign In With Microsoft”, “Sign In With LinkedIn”, and other similar buttons for other websites work the same way, to
OAuth for Third-Party Applications
OAuth is also used when giving third-party apps access to accounts like your Twitter, Facebook, Google, or Microsoft accounts.
It allows these third-party apps access to parts of your account. However, they never get your account password. Each application gets a unique access token that limits the access it has for your account. For example, a third-party application for Twitter may only have…
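The per-application token idea described above can be sketched as a toy account provider that issues one token per app and checks it on every request. This is an added example, not code from the original article or from any real provider; the scope names, endpoint names and the `AccountProvider` class are assumptions made for illustration, and the `revoke` step goes slightly beyond what the text covers.

```python
import secrets

# Constructed endpoint -> required-scope map; real providers define their own scopes.
ENDPOINT_SCOPES = {
    "read_profile": "profile:read",
    "read_messages": "messages:read",
    "post_update": "posts:write",
}


class AccountProvider:
    """Hypothetical provider: the user's password never leaves it, only tokens do."""

    def __init__(self):
        self._grants = {}  # token -> {"user", "app", "scopes"}

    def grant(self, user, app, scopes):
        """User approves `app` for `scopes`; the app receives its own random token."""
        token = secrets.token_urlsafe(32)
        self._grants[token] = {"user": user, "app": app, "scopes": frozenset(scopes)}
        return token

    def revoke(self, user, app):
        """Drop one app's access without touching other apps or the password."""
        dead = [t for t, g in self._grants.items()
                if g["user"] == user and g["app"] == app]
        for t in dead:
            del self._grants[t]
        return len(dead)

    def call(self, token, endpoint):
        """Return (status, detail); access is decided by the token's scopes alone."""
        grant = self._grants.get(token)
        if grant is None:
            return (401, "invalid or revoked token")
        required = ENDPOINT_SCOPES.get(endpoint)
        if required is None:
            return (404, "unknown endpoint")
        if required not in grant["scopes"]:
            return (403, f"token for {grant['app']} lacks scope {required}")
        return (200, f"{endpoint} for {grant['user']}")


if __name__ == "__main__":
    provider = AccountProvider()
    signin = provider.grant("alice", "music-app", ["profile:read"])
    for endpoint in ENDPOINT_SCOPES:
        print(endpoint, provider.call(signin, endpoint))
```

A sign-in style grant that carries only the profile scope is refused on the message and posting endpoints, which is the difference from handing the service the account password.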