OAuth 2.0 Authorization Framework
###Difference between OpenID and OAuth
While OpenID is all about using a single identity to sign into many sites, OAuth is about giving access to your stuff without sharing your identity at all (or its secret parts). [[1]][1]
The two can be used separately or together.
- OAuth negotiates getting users to grant access
- OpenID makes sure users are who they say they are
###What
An open standard for API access delegation
###Why
Web services increasingly rely on data provided by other sites to operate (think Printsagram, a photo printing service for your Instagram).
Without OAuth or similar frameworks:
- account credentials are left to the service to store properly and securely
- service has unbounded, unlimited access to all account data
- account owner can't revoke access to one service without revoking access to all services
- if a service is compromised then account credentials and data are at risk
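
The properties that delegation adds against the four problems above, as an added example (not code from this page or from any OAuth library). It is a simplified model of scoped, revocable tokens rather than an RFC 6749 flow; the class, the client names and the scope strings are constructed for illustration.

```python
import hashlib
import secrets

class AuthorizationServer:
    """Toy model of delegated access: per-client, scoped, revocable tokens."""

    def __init__(self):
        # SHA-256(token) -> (owner, client, scopes); raw tokens are never stored.
        self._grants = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def grant(self, owner, client, scopes):
        """Owner approves `client` for `scopes`; the client never sees a password."""
        token = secrets.token_urlsafe(32)
        self._grants[self._digest(token)] = (owner, client, frozenset(scopes))
        return token

    def authorize(self, token, required_scope):
        """Return the owner if the token is live and covers the scope, else None."""
        grant = self._grants.get(self._digest(token))
        if grant is None:
            return None
        owner, _client, scopes = grant
        return owner if required_scope in scopes else None

    def revoke_client(self, owner, client):
        """Drop every grant this owner gave to one client; others stay valid."""
        doomed = [h for h, (o, c, _) in self._grants.items()
                  if o == owner and c == client]
        for h in doomed:
            del self._grants[h]
        return len(doomed)

def demo():
    server = AuthorizationServer()
    # Constructed sample data: owner "alice" and two hypothetical client services.
    printer = server.grant("alice", "printsagram", {"photos:read"})
    backup = server.grant("alice", "backup-service", {"photos:read", "profile:read"})
    results = {"printer_reads_photos": server.authorize(printer, "photos:read"),
               "printer_reads_profile": server.authorize(printer, "profile:read")}
    server.revoke_client("alice", "printsagram")
    results["printer_after_revoke"] = server.authorize(printer, "photos:read")
    results["backup_after_revoke"] = server.authorize(backup, "photos:read")
    return results
```

A stolen `printer` token exposes only `photos:read` until it is revoked, and revoking it leaves the second client's access intact.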
[1]: http://oauth.net/about/
[2]: https://tools.ietf.org/html/rfc6749
[3]: https://tools.ietf.org/html/rfc6819