In a previous post, we introduced OAuth as a framework for API security. But how is OAuth used, and which solutions does it enable?

In fact, most of OAuth happens under the hood of modern cloud, mobile, and web applications. Only a few advantages are directly visible to the end user: fine-grained control over who may access their data, no need to hand their password to third parties, and, should they lose their phone, the ability to remotely revoke all OAuth tokens stored on the lost device.

OAuth is widely used for mobile apps, cloud services, and web APIs. OAuth 2 is the standard in mobile integration use cases where mobile apps need to communicate securely with server-side backend systems. OAuth 2 also secures many well-known web APIs, such as those offered by Google, Twitter, LinkedIn, Amazon, and eBay. Most cloud-based Software-as-a-Service offerings use OAuth to protect their services and their users' data.

OAuth 2 is specified and standardized by the IETF in RFC 6749 (http://tools.ietf.org/html/rfc6749). OAuth 1 has been superseded by OAuth 2, is outdated, and is not presented here. This is why we often use the short form OAuth to refer to OAuth 2.

OAuth 2.0 Usage

Also published on Medium.

Matthias Biehl

As an API strategist, Matthias helps clients discover their opportunities for innovation with APIs and ecosystems and turn them into actionable digital strategies. Based on his experience in leading large-scale API initiatives in both business and technology roles, he shares best practices and provides both strategic and practical guidance. He has stayed a techie at heart and at some point got a Ph.D. Matthias publishes a blog at api-university.com, is the author of several books on APIs, and regularly speaks at technology conferences.