OAuth

OAuth is an open protocol that allows secure authorization through a standard method for web, mobile and desktop applications. It’s very important to note that OAuth is an authorization protocol, not an authentication protocol.

It’s based on the OAuth 2.0 authorization framework, which enables a third-party application to obtain limited access to an HTTP service by orchestrating an approval between the resource owner and the HTTP service.

There are four roles in the authorization flow:

Resource Owner. Capable of granting access to a protected resource. If the owner is a person, it’s called an end-user.

Resource Server. The server hosting the protected resources. It accepts and responds to requests that carry access tokens in order to provide access to those resources.

Client. An application making resource requests on behalf of the resource owner.

Authorization Server. The server issuing tokens to the client after successfully authenticating the resource owner.
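The four roles above, modelled in Python as an added example that is not part of the original page. The class names, scope strings, sample credentials and the in-memory token store are assumptions made for illustration, and the owner's approval is collapsed into a single call rather than following a particular RFC 6749 grant type.

```python
import secrets
import time

class AuthorizationServer:
    """Authenticates the resource owner, then issues a scoped access token."""
    def __init__(self, owner_passwords):
        self._owner_passwords = owner_passwords  # constructed; real servers store hashes
        self._grants = {}                        # access token -> grant record

    def issue_token(self, owner, password, client_id, scopes, ttl=300):
        expected = self._owner_passwords.get(owner, "")
        if not expected or not secrets.compare_digest(expected.encode(), password.encode()):
            raise PermissionError("resource owner authentication failed")
        token = secrets.token_urlsafe(32)
        self._grants[token] = {"owner": owner, "client": client_id,
                               "scopes": frozenset(scopes), "expires": time.time() + ttl}
        return token

    def lookup(self, token):
        grant = self._grants.get(token)
        return grant if grant and grant["expires"] > time.time() else None

class ResourceServer:
    """Hosts protected resources and answers requests that carry an access token."""
    def __init__(self, auth_server, resources):
        self._auth_server = auth_server
        self._resources = resources  # owner -> {name: (required scope, data)}

    def get(self, token, name):
        grant = self._auth_server.lookup(token)
        if grant is None:
            return 401, None  # unknown or expired token
        entry = self._resources.get(grant["owner"], {}).get(name)
        if entry is None:
            return 404, None
        required_scope, data = entry
        if required_scope not in grant["scopes"]:
            return 403, None  # valid token, but the owner did not approve this scope
        return 200, data

def client_fetch(resource_server, token, name):
    """The client acts on the owner's behalf and holds only the token."""
    return resource_server.get(token, name)

if __name__ == "__main__":
    auth = AuthorizationServer({"alice": "correct horse"})
    api = ResourceServer(auth, {"alice": {"photos": ("photos.read", ["a.jpg"]),
                                          "contacts": ("contacts.read", ["bob"])}})
    token = auth.issue_token("alice", "correct horse", "print-shop", ["photos.read"])
    print(client_fetch(api, token, "photos"), client_fetch(api, token, "contacts"))
```

The resource server decides purely on the token's grant record, which is why the token expresses what was authorized rather than who is presenting it.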

Sources:

https://tools.ietf.org/html/rfc6749#section-1.1

https://tools.ietf.org/html/rfc6819#section-2.3