Introduction
Web applications sometimes need access to certain user information held by another web service. In such a case, how does your app get authorized, on behalf of the user, against that web service? Years ago this problem was solved by the user giving their credentials to the web application, which then used them to authenticate itself against the web service. But from the user’s perspective, handing credentials to another web application so that it can log in as them is not a good story, because with those credentials the web application gets full control of the user account until the user changes their password. People needed a solution for this, and they came up with a variety of them, such as Google AuthSub, AOL OpenAuth, Yahoo BBAuth, the Upcoming API, the Flickr API, the Amazon Web Services API [1], etc. But there were a lot of differences between them, so people needed a standard. This is where OAuth came into play.
What is OAuth?
OAuth is an open protocol that enables an application to access certain user information or resources from another web service without the user giving their credentials for that web service to the application. For example, suppose a user needs to allow a third-party application to change their Twitter profile picture. When OAuth is used for authorization, the third-party application can change the user’s profile picture once the user authorizes it to do so, without the user giving credentials directly to the web application.