OAuth 2.0 is a simplified and more flexible version of the OAuth protocol. It has become the de facto standard for authorization and authentication on the web. OAuth 2.0 focuses primarily on providing authorization frameworks for various types of applications, making it easier for developers to integrate third-party services without dealing with the intricacies of authentication.
This new-age OAuth protocol introduced the concept of access tokens, which are short-lived credentials obtained by the client (requesting application) from the authorization server (where the user logs in) after the user grants permission. These access tokens are then used to access the user’s resources on the service provider’s platform. OAuth 2.0 also provides different grant types to cater to various scenarios, such as web applications, mobile apps, and server-to-server communication.
The OAuth 2.0 spec emerged after the IETF working group came together. The work on this new spec was very contentious because of the different visions between the developers and the enterprise world. Interestingly, it was the people on the “enterprise” side of things that ended up finalizing the OAuth 2.0 spec.
In order to implement OAuth 2.0 for your web service today, you will need to get information from a number of different A Request for Comments. However, the OAuth 2.0 standard does not need a specific type of token or grant, which gives much more freedom when implementing OAuth 2.0 into your application.
Before choosing this standard, it’s very important to read the security guidance and fully understand what type of decision you are making when implementing Oauth 2.0.