In a previous post we introduced OAuth as a framework for API security. But how is OAuth used, and which solutions does it enable?
In fact, most of OAuth happens under the hood of modern cloud, mobile and web applications. A few advantages are directly noticeable to the end user: they have fine-grained control over access to their data, they do not need to give their password to third parties, and if they lose their mobile, they can remotely revoke all OAuth tokens stored on the lost device.
OAuth is widely used in mobile, cloud service and web API use cases. In mobile integration, OAuth 2 is a standard used when mobile apps need to communicate securely with server-side backend systems. It is also a standard for securing many well-known web APIs, such as those offered by Google, Twitter, LinkedIn, Amazon and eBay. Most cloud-based Software-as-a-Service offerings use OAuth to protect their services and their users' data.
OAuth 2 is specified and standardized by the IETF in RFC 6749 (http://tools.ietf.org/html/rfc6749). OAuth 1 has been replaced by OAuth 2; it is outdated and is not presented here. This is why we often use the short form OAuth to refer to OAuth 2.