!!! Overview[1]
[{$pagename}]

[{Image src='OAuth 2.0/oauth-not-auththenticaiton.jpg' caption='OAuth Not for Authentication' align=left width=1024 height=552 style='font-size: 120%'}] [2]\\

[OAuth 2.0] is __NOT__ an [Authentication] protocol. (But you could build one on top of [OAuth 2.0], as is done with [OpenID Connect].)

[OAuth 2.0] is __NOT__ an [Authorization] protocol.

[OAuth 2.0] is often called an [authorization] protocol; even [RFC 6749] is titled "The OAuth 2.0 Authorization Framework". However, [OAuth 2.0] is a [delegation] protocol. What is [delegated|Delegation] is a subset of a user's [authorization].

[OAuth 2.0] does not even perform the [Authorization], but rather provides a [protocol] where an [OAuth Client] can request that a [user|Resource Owner] delegate some of their authority. The user can then approve, or deny, the request, and the [OAuth Client] can then act on the results of that approval.

[OAuth 2.0] provides for the [Delegation] of [Authorization]:
* by the [Resource Owner]
* to the [OAuth Client]
* for the [Resource Server]

[OAuth 2.0] [delegates|delegation] user [authentication] to the service that hosts the [Resource Owner] (user) account. [4]

!! The problem with [OAuth 2.0] for [Authentication] [3]
A nice article on [The problem with OAuth for Authentication|http://www.thread-safe.com/2012/01/problem-with-oauth-for-authentication.html|target='_blank']

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [not an authentication protocol|http://oauth.net/articles/authentication//|target='_blank'] - based on information obtained 2015-07-05
* [#2] - [A sample of the slides that won me #CISNOLA #TrackBattle.|https://twitter.com/NishantK/status/740167951383433216|target='_blank']
* [#3] - [The problem with OAuth for Authentication|http://www.thread-safe.com/2012/01/problem-with-oauth-for-authentication.html|target='_blank']
* [#4] - [An Introduction to OAuth 2|https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2|target='_blank']
* [#5] - [OAuth 2.0 NOT an Authentication protocol|https://twitter.com/ve7jtb/status/740650395735871488|target='_blank']
* [#6] - [OAuth is not Authentication - 2 min. OAuth #9|https://youtu.be/iGFy1xHGGx4|target='_blank'] - based on information obtained 2018-10-15
* [#7] - [OAuth 2.0 and Sign-In|http://www.cloudidentity.com/blog/2013/01/02/oauth-2-0-and-sign-in-4/|target='_blank'] - based on information obtained 2015-07-16
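
An added illustration of the Overview's point, not code from this page or from any OAuth library: an access token records what a Resource Owner delegated to an OAuth Client, so a client that treats "the token works" as a login has nothing to check, whereas an OpenID Connect ID token carries claims the client can validate. The issuer URL, client ids, token value and claim values are constructed assumptions, and signature verification of the ID token is assumed to have happened already.

```python
import time

ISSUER = "https://as.example"  # constructed issuer, an assumption
# Access-token table as the authorization server sees it. To a client the
# token string is opaque: it records what was delegated, not who is present.
ACCESS_TOKENS = {
    "at-111": {"owner": "alice", "client_id": "photo-print", "scope": {"photos.read"}},
}

def resource_server_read(token, needed_scope):
    """Resource Server: serve the owner's data if that scope was delegated."""
    grant = ACCESS_TOKENS.get(token)
    if grant is None or needed_scope not in grant["scope"]:
        return None
    return {"owner": grant["owner"], "data": "photo list"}

def naive_login(token):
    """Anti-pattern: treat 'the token works' as proof of who is signing in.
    Nothing here ties the token to this client or to a login event."""
    result = resource_server_read(token, "photos.read")
    return result["owner"] if result else None

def validate_id_token(claims, my_client_id, expected_nonce, now=None):
    """Claim checks an OpenID Connect client applies to an ID token
    (signature verification is assumed to have been done already)."""
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        return None          # not from the expected issuer
    aud = claims.get("aud")
    if my_client_id not in (aud if isinstance(aud, list) else [aud]):
        return None          # issued to a different client
    if claims.get("exp", 0) <= now:
        return None          # expired
    if claims.get("nonce") != expected_nonce:
        return None          # not the response to this login request
    return claims.get("sub")

def sample_claims(aud, nonce, now):
    """Constructed ID token claims for the checks above."""
    return {"iss": ISSUER, "sub": "alice", "aud": aud, "exp": now + 300, "nonce": nonce}
```

`naive_login` cannot even take a client id as input, because the access token exposes none to the client; `validate_id_token` rejects claims whose audience, expiry or nonce do not match the client's own login request.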