Oauth2-overview

1. OAuth (Open Authorization) is an open standard for token-based authentication and authorization on the Internet. 
2. OAuth, which is pronounced "oh-auth," allows an end user's account information to be used by third-party services, such as Facebook, without exposing the user's password.

OAuth 2.0 

1. It is the industry-standard protocol for authorization. 
2. OAuth 2.0 supersedes the work done on the original OAuth protocol created in 2006. 
3. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. 
4. This specification and its extensions are being developed within the IETF OAuth Working Group.

OAuth 2.0 Core

• OAuth 2.0 Framework - RFC 6749
• OAuth 2.0 Grant Types
  • Authorization Code
  • Implicit
  • Password
  • Client Credentials
  • Device Code
  • Refresh Token
• OAuth 2.0 Bearer Tokens - RFC 6750
• Threat Model and Security Considerations - RFC 6819
• OAuth 2.0 Security Best Current Practice