OAuth 2 is an industry-standard authorization protocol defined by the IETF. This protocol, which I refer to as just OAuth, enables users to authorize third-party access to protected resources. Most importantly, it allows users to do this without exposing their authentication credentials to third parties. In this chapter, I explain the OAuth protocol, walking through it with Alice, Bob, and Charlie. Eve and Mallory both make an appearance as well. I also show you how to implement this protocol with two great tools, Django OAuth Toolkit and requests-oauthlib.
You have probably already used OAuth. Have you ever visited a website such as medium.com, where you could “Sign in with Google” or “Log in with Twitter”? This feature, known as social login, is designed to simplify account creation. Instead of pestering you for your personal information, these sites ask you for permission to retrieve your personal information from a social media site. Beneath the hood, this is often implemented with OAuth.