OAuth stands for Open Authorization.
It’s used for delegated authorization to delegate the responsibilities of user authorization to some other service rather than managing them on its own
identity layer on top of OAuth2.0. The two fundamental security concerns,
authentication and API access, are combined into a single protocol called OpenID
Connect.
When you check in to a hotel, you present to the reception with your driving
license or passport. This establishes who you are i.e. your identity. Then hotel
receptionist issue you a key card that encoded with what you have access
to, which will include your room access, it might also include the gym or
swimming pool access too. That is your authorization. The best part is that your
personal and billing information never leaves the front desk. This is OAuth.
