OAuth is an open standard authorization protocol that provides secure access to an application. OAuth provides secure access delegation. OAuth doesn't share password data but uses the authorization token to establish the identity between service providers and consumers. Users of an application provide access to their information without giving login credentials. While OAuth is mainly for authorization, many organizations have started adding their own mechanisms for authentication. OpenID Connect defines the authentication standard on top of OAuth authorization.
Large technology companies such as Amazon, Facebook, Google, and Twitter allow the user to share information in their account with third-party applications. For example, you can log in to a new photo app using your Facebook login and authorize the new app to access only your Facebook photo information. The following diagram illustrates an OAuth access delegation flow:
