When website owners use OAuth for authentication they don't have to deal with storing the user's credentials in their own database. They simply redirect the user to the OAuth provider's website - the password is entered only once and only there.
When app developers use OAuth for perpetual authorization they only send an access token with each and every request, but not the actual password of the user.
In both cases the third-party never knows the actual password of the user.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
When website owners use OAuth for authentication they don't have to deal with storing the user's credentials in their own database. They simply redirect the user to the OAuth provider's website - the password is entered only once and only there.
When app developers use OAuth for perpetual authorization they only send an access token with each and every request, but not the actual password of the user.
In both cases the third-party never knows the actual password of the user.