Too bad, I had been hoping for a simplified explanation of OAuth. You still have to send a password for authorization, so I don't see how OAuth is an improvement over that.
When website owners use OAuth for authentication they don't have to deal with storing the user's credentials in their own database. They simply redirect the user to the OAuth provider's website - the password is entered only once and only there.
When app developers use OAuth for perpetual authorization they only send an access token with each and every request, but not the actual password of the user.
In both cases the third-party never knows the actual password of the user.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Too bad, I had been hoping for a simplified explanation of OAuth. You still have to send a password for authorization, so I don't see how OAuth is an improvement over that.
When website owners use OAuth for authentication they don't have to deal with storing the user's credentials in their own database. They simply redirect the user to the OAuth provider's website - the password is entered only once and only there.
When app developers use OAuth for perpetual authorization they only send an access token with each and every request, but not the actual password of the user.
In both cases the third-party never knows the actual password of the user.