OAuth 2.0 Security - How to Secure your OAuth
OAuth 2.0 OAuth is an open standard for authorization, commonly used as a way for Internet users to log in to third party websites using their accounts at Google, Facebook, Microsoft, Twitter, etc.—but without exposing their password. Generally, OAuth provides to clients a "secure delegated access" to server resources on behalf of a resource owner. Figure 1 shows the OAuth 2.0 exchange at an abstract level and illustrates the main entities. For most parts of this document the focus is on the interaction between the Client and the Authorization Server and between the Client and the Resource Server. +--------+ +---------------+ | |--(A)- Authorization Request ->| Resource | | | | Owner | | |<-(B)-- Authorization Grant ------| | | |