OAuth is a delegated authorization framework that enables a third-party application to obtain limited access to HTTP services such as Google, Twitter, and Facebook.

What is the problem OAuth solves

Let us say a photo editing website wants to access a user’s Google Drive service (or Dropbox service) to save edited photos. How would the user authorize the photo editing website so that the website can access the user’s Google Drive?

Solution 1
The user shares his/her Google/Dropbox credentials with the photo editing website. The downside is that this would give the website unrestricted access to the user’s Google account.

Solution 2


The above flow is a simplified view of the OAuth flow.

Important roles in OAuth (explained based on the above example)



Key points to note