OAuth (Open Authorization) is a standard protocol for authorization and delegation, commonly used to let Internet users grant websites or applications access to their information on other websites without giving them their passwords. It is designed specifically to work over HTTP.
OAuth essentially allows access tokens to be issued to third-party clients by an authorization server, with the approval of the resource owner. The third party then uses the access token to access the protected resources hosted by the resource server.
High Level Flow:
The OAuth flow is a two-step process:
Authentication is the process of verifying the identity of a user by obtaining some sort of credentials and using those credentials to verify the user's identity. If the credentials are valid, the authorization process starts. Authentication always takes place before authorization.
Authorization, on the other hand, is the process of allowing an authenticated user to access resources by checking whether the user has access rights to the system. Authorization lets you control access rights by granting or denying specific permissions to an authenticated user.
Abstract flow diagram
OAuth is not an API but a protocol that gives clients the ability to access resources without sharing passwords. It works over HTTP. There are a few modes of using OAuth, called grant types, each intended for specific situations, since not every grant type can be used in every case. To learn more about how OAuth is actually implemented, please go through the links mentioned below.
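The abstract flow described above (authorization server issues a token with the resource owner's approval; the client presents that token to the resource server) is easier to see with all three parties in one script. The following is an added example written for this page, not code from the original article; it models one of the grant types, the authorization code grant, with an in-memory authorization server, client and resource server. The client id, secret, redirect URI, user name, photo names and scope string `photos:read` are all constructed values, and the checks it performs (redirect URI bound to the registration, single-use code, client authentication on the token exchange, token expiry and scope check at the resource server) are the defensive checks a practitioner would expect each party to make.

```python
import secrets
import time
from dataclasses import dataclass

# Constructed example values (not from any real deployment).
CLIENT_ID = "photo-printer-app"
CLIENT_SECRET = "constructed-client-secret"
REDIRECT_URI = "https://printer.example/callback"


@dataclass
class AccessToken:
    client_id: str
    user: str
    scope: set
    expires_at: float


class AuthorizationServer:
    """Issues single-use authorization codes and bearer tokens (authorization code grant)."""
    CODE_TTL = 60      # seconds an authorization code stays valid
    TOKEN_TTL = 3600   # seconds an access token stays valid

    def __init__(self, clients):
        self.clients = clients   # client_id -> (client_secret, registered redirect_uri)
        self.codes = {}          # code -> (client_id, user, scope, redirect_uri, expires_at)
        self.tokens = {}         # token -> AccessToken

    def authorize(self, client_id, redirect_uri, scope, state, user, approved):
        """Front channel: the resource owner logs in here and approves (or denies) the request.
        Returns the redirect parameters sent back to the client: a code plus the client's state."""
        _, registered_uri = self.clients[client_id]
        if redirect_uri != registered_uri:
            raise ValueError("redirect_uri does not match registration")
        if not approved:
            return {"error": "access_denied", "state": state}
        code = secrets.token_urlsafe(24)
        self.codes[code] = (client_id, user, set(scope), redirect_uri, time.time() + self.CODE_TTL)
        return {"code": code, "state": state}

    def token(self, client_id, client_secret, code, redirect_uri):
        """Back channel: the client authenticates and trades the code for an access token."""
        secret, _ = self.clients.get(client_id, (None, None))
        if secret is None or not secrets.compare_digest(secret, client_secret):
            raise PermissionError("invalid_client")
        entry = self.codes.pop(code, None)   # pop: a code can be redeemed only once
        if entry is None:
            raise PermissionError("invalid_grant")
        bound_client, user, scope, bound_uri, expires_at = entry
        if bound_client != client_id or bound_uri != redirect_uri or time.time() > expires_at:
            raise PermissionError("invalid_grant")
        tok = secrets.token_urlsafe(32)
        self.tokens[tok] = AccessToken(client_id, user, scope, time.time() + self.TOKEN_TTL)
        return {"access_token": tok, "token_type": "Bearer", "expires_in": self.TOKEN_TTL}

    def introspect(self, token):
        """Lets the resource server validate a token; the user's password never appears."""
        t = self.tokens.get(token)
        if t is None or time.time() > t.expires_at:
            return None
        return t


class ResourceServer:
    def __init__(self, auth_server, photos):
        self.auth_server = auth_server
        self.photos = photos   # user -> list of photo names

    def list_photos(self, bearer_token):
        t = self.auth_server.introspect(bearer_token)
        if t is None:
            raise PermissionError("invalid_token")
        if "photos:read" not in t.scope:
            raise PermissionError("insufficient_scope")
        return self.photos.get(t.user, [])


def run_flow(approved=True):
    """Walk the three parties through the flow; return the photos the client obtained."""
    auth = AuthorizationServer({CLIENT_ID: (CLIENT_SECRET, REDIRECT_URI)})
    rs = ResourceServer(auth, {"alice": ["beach.jpg", "dog.jpg"]})
    state = secrets.token_urlsafe(16)   # client-generated; ties the redirect to this request
    reply = auth.authorize(CLIENT_ID, REDIRECT_URI, ["photos:read"], state, "alice", approved)
    if reply.get("state") != state:
        raise RuntimeError("state mismatch: redirect is not a response to our request")
    if "code" not in reply:
        return None   # resource owner declined
    tok = auth.token(CLIENT_ID, CLIENT_SECRET, reply["code"], REDIRECT_URI)["access_token"]
    photos = rs.list_photos(tok)
    # Redeeming the same code a second time must fail: codes are single-use.
    try:
        auth.token(CLIENT_ID, CLIENT_SECRET, reply["code"], REDIRECT_URI)
        raise RuntimeError("authorization code was accepted twice")
    except PermissionError:
        pass
    return photos


if __name__ == "__main__":
    print(run_flow())                 # ['beach.jpg', 'dog.jpg']
    print(run_flow(approved=False))   # None
```

Note that the client never learns Alice's password and the resource server never sees it either: the only credential that crosses to the resource server is a short-lived bearer token whose scope limits what it can be used for, which is the delegation property the article describes.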