What is delegated is a subset of the user’s authorization. OAuth 2.0 does not even perform the Authorization but rather provides a protocol through which an OAuth Client can request that a user delegate some of their authority. The user can then approve, or deny, the request, and the OAuth Client can then act on the result of that decision.
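The delegation step described above, as an added example that is not part of the original page: a constructed model (not a real authorization server) in which the grant is bounded by the request, the user's approval and the user's own authority. The scope names, the `USER_AUTHORITY` table and all function names are assumptions made for illustration, and the authorization and token responses are collapsed into one result for brevity.

```python
from urllib.parse import urlencode, parse_qs

# Constructed sample: the authority each user holds at the resource server.
USER_AUTHORITY = {"alice": {"photos.read", "photos.write", "contacts.read"}}


def build_request(client_id, scopes, state):
    """OAuth Client side: query string of the authorization request."""
    return urlencode({"response_type": "code", "client_id": client_id,
                      "scope": " ".join(sorted(scopes)), "state": state})


def user_decision(user, query, approved):
    """Authorization-server side: apply the user's approve/deny decision.

    approved is the set of scopes the user accepted, or None for a denial.
    Returns the scope delegated to the client, or an error.
    """
    params = {k: v[0] for k, v in parse_qs(query).items()}
    requested = set(params["scope"].split())
    if approved is None:
        return {"error": "access_denied", "state": params["state"]}
    # The delegation is bounded by the request, the approval and the
    # user's own authority: a user cannot hand over what they lack.
    granted = requested & approved & USER_AUTHORITY[user]
    if not granted:
        return {"error": "access_denied", "state": params["state"]}
    return {"scope": " ".join(sorted(granted)), "state": params["state"]}


def client_may(result, expected_state, needed_scope):
    """OAuth Client side: act only on what was actually delegated."""
    if result.get("state") != expected_state or "error" in result:
        return False
    return needed_scope in result["scope"].split()


if __name__ == "__main__":
    q = build_request("client-1", {"photos.read", "photos.write", "admin"}, "s1")
    r = user_decision("alice", q, approved={"photos.read", "admin"})
    print(r)
    print(client_may(r, "s1", "photos.read"), client_may(r, "s1", "photos.write"))
```

The client asked for three scopes, but only `photos.read` is delegated: `photos.write` was not approved, and `admin` was never part of the user's authority.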
More Information
There might be more information for this subject on one of the following:
- Authentication Protocol
- OAuth 2.0
- OAuth 2.0 for Native Apps
- OAuth Scope Example
- What is missing in OAuth 2.0
- [#1] - not an authentication protocol - based on information obtained 2015-07-05
- [#2] - A sample of the slides that won me #CISNOLA #TrackBattle.