Glossary: OAuth 2

OAuth 2 (Open Authorization, version 2) is the industry-standard authorization framework defined by the Internet Engineering Task Force (IETF) in RFC 6749. It lets a third-party application obtain limited access to a user's resources hosted on a server, without exposing the user's credentials to that application.

It is the preferred method for granting secure, controlled access to web APIs. It is widely used to let applications access user information held by services such as Google, Facebook, and Twitter, and it is how applications built on Unified.to's unified API access end users' accounts on SaaS applications.

OAuth 2 is based on these roles and objects:

  • Resource owner: This is the user or application that owns the data or services — the resources — and wants to grant a third-party application access to them.
  • Client: This is the third-party application requesting access to the protected resources on behalf of the resource owner.
  • Authorization server: This is the server that authenticates the resource owner, records their consent, and issues access tokens (see below) to the third-party application (the Client). It performs two important security tasks: verifying the identity of the Resource Owner and confirming that the Client is registered and authorized to access the requested resources.
  • Resource server: This is the server hosting the resources that the Client wants to access; in other words, it houses the API. The Resource Server validates the access tokens presented by the Client and serves the requested resources only if the token is valid, unexpired, and carries the scope the request needs.
  • Access token: An access token is a credential representing the authorization granted to the client by the resource owner. The client presents this token to the resource server to access the protected resources. Access tokens are short-lived and typically have limited scopes, which are permissions for access to specific resources and actions granted to the Client. Because an access token is a bearer credential, anyone who holds it can use it, so it must only travel over TLS and never be logged or placed in URLs.
  • Refresh token: A refresh token is used to obtain a new access token when the current one expires, without requiring the user to re-authenticate. Refresh tokens are long-lived and are presented only to the authorization server, never to the resource server; they must be stored securely by the client, and an authorization server can rotate them on each use so that a stolen copy is detected when it is replayed.
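The roles above in motion, as an added example that is not part of this page or of Unified.to's own code: a Python simulation of the authorization code grant, with all three parties in one process. The client id `crm-app`, secret `s3cret`, redirect URI, user `alice`, scope `profile:read`, and the in-memory introspection call are constructed for illustration. The authorization server authenticates the client and redeems each code once, the resource server checks the token's scope before serving data, the refresh token is rotated on use, and the client verifies `state` on the redirect.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

ACCESS_TTL = 600   # access tokens are short-lived (seconds)


class AuthorizationServer:
    """Authenticates the resource owner, authenticates the client, issues tokens."""
    def __init__(self):
        self.clients = {}         # client_id -> (client_secret, registered redirect_uri)
        self.codes = {}           # authorization code -> pending grant (single use)
        self.access_tokens = {}   # access token -> {"sub", "client_id", "scope", "exp"}
        self.refresh_tokens = {}  # refresh token -> {"sub", "client_id", "scope"}

    def register_client(self, client_id, client_secret, redirect_uri):
        self.clients[client_id] = (client_secret, redirect_uri)

    def authorize(self, client_id, redirect_uri, scope, state, resource_owner):
        """Front channel: the owner has logged in and consented here (simulated by `resource_owner`)."""
        if client_id not in self.clients or self.clients[client_id][1] != redirect_uri:
            raise ValueError("unknown client or unregistered redirect_uri")
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri, "sub": resource_owner,
                            "scope": scope, "exp": time.time() + 60}   # codes expire fast
        return redirect_uri + "?" + urlencode({"code": code, "state": state})

    def token(self, client_id, client_secret, grant_type, **params):
        """Back channel: the client authenticates and trades a code or refresh token."""
        registered = self.clients.get(client_id)
        if registered is None or not hmac.compare_digest(registered[0], client_secret):
            return {"error": "invalid_client"}
        if grant_type == "authorization_code":
            grant = self.codes.pop(params.get("code"), None)  # pop: a code is single use
            if (grant is None or grant["client_id"] != client_id
                    or grant["redirect_uri"] != params.get("redirect_uri")
                    or grant["exp"] < time.time()):
                return {"error": "invalid_grant"}
        elif grant_type == "refresh_token":
            grant = self.refresh_tokens.pop(params.get("refresh_token"), None)  # pop: rotation
            if grant is None or grant["client_id"] != client_id:
                return {"error": "invalid_grant"}
        else:
            return {"error": "unsupported_grant_type"}
        return self._issue(grant["sub"], client_id, grant["scope"])

    def _issue(self, sub, client_id, scope):
        access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access_tokens[access] = {"sub": sub, "client_id": client_id, "scope": scope,
                                      "exp": time.time() + ACCESS_TTL}
        self.refresh_tokens[refresh] = {"sub": sub, "client_id": client_id, "scope": scope}
        return {"access_token": access, "token_type": "Bearer", "expires_in": ACCESS_TTL,
                "refresh_token": refresh, "scope": scope}

    def introspect(self, token):
        # Tells a resource server whether an access token is live and what it grants.
        info = self.access_tokens.get(token)
        if info is None or info["exp"] < time.time():
            return {"active": False}
        return {"active": True, **info}


class ResourceServer:
    """Hosts the protected API; accepts only tokens the authorization server vouches for."""
    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.profiles = {"alice": {"email": "alice@example.com"}}  # constructed sample data

    def get_profile(self, authorization_header):
        scheme, _, token = authorization_header.partition(" ")
        info = self.auth_server.introspect(token) if scheme == "Bearer" else {"active": False}
        if not info["active"]:
            return 401, {"error": "invalid_token"}
        if "profile:read" not in info["scope"].split():
            return 403, {"error": "insufficient_scope"}
        return 200, self.profiles[info["sub"]]


def code_from_redirect(redirect_url, expected_state):
    """Client side: reject the callback unless `state` matches, then extract the code."""
    q = parse_qs(urlparse(redirect_url).query)
    if q.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF on the redirect")
    return q["code"][0]


def run_flow():
    """One complete authorization code grant; returns what each step produced."""
    auth, cb = AuthorizationServer(), "https://crm.example/callback"
    api = ResourceServer(auth)
    auth.register_client("crm-app", "s3cret", cb)
    state = secrets.token_urlsafe(16)
    # 1. The client sends alice to the authorization server, which authenticates her and asks consent.
    code = code_from_redirect(auth.authorize("crm-app", cb, "profile:read", state, "alice"), state)
    # 2. Back channel: code -> tokens. Alice's password never passed through the client.
    tokens = auth.token("crm-app", "s3cret", "authorization_code", code=code, redirect_uri=cb)
    replay = auth.token("crm-app", "s3cret", "authorization_code", code=code, redirect_uri=cb)
    # 3. Use the access token at the API, then refresh and retry the now-rotated refresh token.
    status, body = api.get_profile("Bearer " + tokens["access_token"])
    refreshed = auth.token("crm-app", "s3cret", "refresh_token", refresh_token=tokens["refresh_token"])
    reused = auth.token("crm-app", "s3cret", "refresh_token", refresh_token=tokens["refresh_token"])
    return {"status": status, "body": body, "replay": replay, "refreshed": refreshed, "reused": reused}
```

Calling `run_flow()` shows the first token request succeeding, the replayed code being refused, the API returning alice's profile, and the spent refresh token being refused after rotation. In a real deployment the three parties talk over HTTPS, and the resource server validates a signed token or calls the authorization server's introspection endpoint rather than sharing memory with it.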

OAuth 2 offers the following benefits:

  • Security: It allows applications to access resources without exposing user credentials, reducing the risk of credential theft. Access is scoped to what the application needs and can be revoked without changing the user's password.
  • User Experience: It delivers a seamless user experience by allowing users to authorize applications without having to repeatedly enter their credentials.
  • Flexibility: It supports various authorization flows (grant types) to accommodate different types of applications and use cases, from server-side web apps to mobile and single-page apps.
  • Interoperability: As an open standard, OAuth 2.0 is widely adopted and supported by numerous services and platforms, enabling integration across different systems.