OAuth: When Things Go Wrong
Picture this: you sign up for a new app, and it asks whether any of your friends are already using it. To find out, the app asks for your email address...and your email password. While it seems ludicrous now, this was once considered a normal user flow. Many apps still need permission to reach data held by third-party services, and if users have no safe way to grant that access, they'll likely hand over their passwords anyway.
Instead of asking for a password, OAuth requests temporary permission to one particular part of an account, and expresses that permission as a limited-permission access token: the app gets exactly the access the user agreed to, for a limited time, and never sees the password itself.
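To make the idea of a limited-permission token concrete, here is an added illustration (not code from the article) of an authorization server that issues tokens restricted to the scopes the user consented to, and a resource server that refuses requests whose token is expired or lacks the required scope. The scope names, token lifetime and contact data are constructed for the example.

```python
import secrets
import time

# Constructed example: an OAuth-style server that issues tokens limited to the
# scopes the user consented to, and a resource server enforcing scope and expiry.
# Scope names, the token lifetime and the sample data are assumptions.

TOKEN_TTL_SECONDS = 3600

CONTACTS = {"alice": ["bob@example.com", "carol@example.com"]}  # constructed data


class AuthorizationServer:
    def __init__(self):
        self._tokens = {}  # token -> (user, granted scopes, expiry time)

    def issue_token(self, user, requested, consented, now=None):
        """Grant only the intersection of what the app asked for and what the user allowed."""
        now = time.time() if now is None else now
        granted = frozenset(requested) & frozenset(consented)
        if not granted:
            raise PermissionError("user granted no scopes")
        token = secrets.token_urlsafe(32)  # unguessable bearer token, never the password
        self._tokens[token] = (user, granted, now + TOKEN_TTL_SECONDS)
        return token

    def introspect(self, token, now=None):
        """Return the token's user and scopes, or None if it is unknown or expired."""
        now = time.time() if now is None else now
        entry = self._tokens.get(token)
        if entry is None or now >= entry[2]:
            return None
        return {"user": entry[0], "scopes": entry[1]}


class ResourceServer:
    def __init__(self, auth_server):
        self._auth = auth_server

    def list_contacts(self, token, now=None):
        """Serve the contacts list only to valid tokens carrying the contacts:read scope."""
        info = self._auth.introspect(token, now)
        if info is None:
            raise PermissionError("invalid or expired token")
        if "contacts:read" not in info["scopes"]:
            raise PermissionError("token lacks contacts:read")
        return CONTACTS.get(info["user"], [])
```

A token requested for both `contacts:read` and `mail:send` but consented to for `contacts:read` only can read contacts and nothing else, and stops working once its lifetime passes.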
How does OAuth work?
Every OAuth interaction involves four roles: The user, the application they want to use, the OAuth server, and the third-part