OAuth Actors

The problem that OAuth was designed to solve:

  • A 3rd party application needs to integrate with another.

  • The former needs to access the latter's API on user's behalf, but without ever seen its credentials.

  • The user needs to be aware that the 3rd party app was delegated this access.

OAuth is not an Authorization, but a Delegation Protocol. Delegation happens before Authorization, but the former does not guarantee the latter.

PreviousAuthentication TypesNextOAuth Interaction Patterns

Last updated