Overview

Managing sign-in credentials has become a complex process. In the beginning, we had just password complexity (e.g. minimum length, at least one number, at least one letter) to deal with. Nowadays, a robust sign-in process also has to deal with password history (don't re-use passwords), account lockout (after a number of unsuccessful attempts), password recovery (security questions), and most recently, multi-factor authentication (e.g. using your mobile phone to retrieve a secondary passcode). Rather than dealing with this complexity, it is far simpler to delegate the sign-in process to a 3rd-party service. That's where OAuth comes in. It provides an open standard for performing that delegation.

Example

For example, if you delegate the sign-in process to Google, it will ask you to enter your email address and password if you are not already logged in, after which it it will present a dialog asking for permission to provide access to your sign-in information. See the image below left, for an example.

If you allow access, then the application has access to all of the information for which access has been granted. See the image below right, for an example.