- open standard for authorization, used to grant "secure delegated access" to resources
- an example is using a Facebook account to log in to a third-party site
- instead of managing several username/password pairs, OAuth enables SSO: one set of credentials grants access to several independent systems
- clients are public or confidential: confidential clients are applications trusted to store secrets, e.g. not a binary with embedded secrets distributed through an app store
- an example of a confidential client is a server running an API
- access tokens are short-lived OAuth tokens used to access the resource server
- refresh tokens are long-lived (days to years), can be revoked, and should be stored only on a confidential client
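The token-lifetime and client-type rules above, worked through as an added example (not from these notes or any OAuth library): a toy in-memory authorization server that authenticates confidential clients by a hashed client secret, hands out short-lived access tokens to every client, hands out long-lived, revocable refresh tokens only to confidential clients, and rotates a refresh token each time it is used. Client ids, secrets, lifetimes and user names are constructed; `ACCESS_TOKEN_TTL` and `REFRESH_TOKEN_TTL` are hypothetical values chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional

ACCESS_TOKEN_TTL = 10 * 60               # short-lived: 10 minutes (constructed value)
REFRESH_TOKEN_TTL = 30 * 24 * 60 * 60    # long-lived: 30 days (constructed value)


def _hash_secret(secret: str) -> bytes:
    # Only a hash of the client secret is stored server-side; compared in constant time later.
    return hashlib.sha256(secret.encode()).digest()


@dataclass
class TokenRecord:
    client_id: str
    user: str
    expires_at: float


@dataclass
class AuthorizationServer:
    """Hypothetical in-memory authorization server, for illustration only."""
    clients: dict = field(default_factory=dict)          # client_id -> (is_confidential, secret_hash or None)
    access_tokens: dict = field(default_factory=dict)    # access token -> TokenRecord
    refresh_tokens: dict = field(default_factory=dict)   # refresh token -> TokenRecord

    def register_client(self, client_id: str, client_secret: Optional[str] = None) -> None:
        # A client registered with a secret is confidential (e.g. a backend API server);
        # a client without one is public (e.g. a mobile app binary that cannot keep secrets).
        confidential = client_secret is not None
        self.clients[client_id] = (confidential, _hash_secret(client_secret) if confidential else None)

    def _authenticate(self, client_id: str, client_secret: Optional[str]) -> bool:
        # Confidential clients must prove possession of their secret; public clients cannot.
        if client_id not in self.clients:
            raise PermissionError("unknown client")
        confidential, secret_hash = self.clients[client_id]
        if confidential and (client_secret is None
                             or not hmac.compare_digest(secret_hash, _hash_secret(client_secret))):
            raise PermissionError("client authentication failed")
        return confidential

    def issue_tokens(self, client_id: str, client_secret: Optional[str], user: str,
                     now: Optional[float] = None) -> dict:
        now = time.time() if now is None else now
        confidential = self._authenticate(client_id, client_secret)
        access = secrets.token_urlsafe(32)
        self.access_tokens[access] = TokenRecord(client_id, user, now + ACCESS_TOKEN_TTL)
        response = {"access_token": access, "token_type": "Bearer", "expires_in": ACCESS_TOKEN_TTL}
        if confidential:
            # Refresh tokens are long-lived, so they are only given to clients that can store them safely.
            refresh = secrets.token_urlsafe(32)
            self.refresh_tokens[refresh] = TokenRecord(client_id, user, now + REFRESH_TOKEN_TTL)
            response["refresh_token"] = refresh
        return response

    def introspect(self, access_token: str, now: Optional[float] = None) -> Optional[str]:
        # What a resource server asks: is this access token valid and unexpired, and for whom?
        now = time.time() if now is None else now
        rec = self.access_tokens.get(access_token)
        if rec is None or now >= rec.expires_at:
            return None
        return rec.user

    def refresh(self, refresh_token: str, client_id: str, client_secret: Optional[str],
                now: Optional[float] = None) -> dict:
        now = time.time() if now is None else now
        self._authenticate(client_id, client_secret)
        rec = self.refresh_tokens.get(refresh_token)
        if rec is None or rec.client_id != client_id or now >= rec.expires_at:
            raise PermissionError("invalid, revoked or expired refresh token")
        # Rotation: the presented refresh token is consumed and a fresh pair is issued,
        # so a leaked old refresh token stops working after its next legitimate use.
        del self.refresh_tokens[refresh_token]
        return self.issue_tokens(client_id, client_secret, rec.user, now)

    def revoke(self, refresh_token: str) -> bool:
        # Explicit revocation: the long-lived token is dropped and can no longer mint access tokens.
        return self.refresh_tokens.pop(refresh_token, None) is not None


if __name__ == "__main__":
    srv = AuthorizationServer()
    srv.register_client("api-backend", client_secret="constructed-secret")   # confidential
    srv.register_client("mobile-app")                                        # public
    t0 = time.time()
    issued = srv.issue_tokens("api-backend", "constructed-secret", "alice", now=t0)
    print("user for fresh access token:", srv.introspect(issued["access_token"], now=t0))
    print("user after expiry:", srv.introspect(issued["access_token"], now=t0 + ACCESS_TOKEN_TTL))
    print("public client gets refresh token:",
          "refresh_token" in srv.issue_tokens("mobile-app", None, "bob", now=t0))
```

The `now` parameter exists so that expiry can be exercised deterministically; a real server would use the clock directly and would persist token records rather than hold them in dictionaries.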