OAuth 2.0 - Tokens, Client types, Endpoints and Scope

There are two types of tokens in OAuth 2.0: the access token and the refresh token. Access token: The access token represents the authorization of a specific application to access specific parts of a user's data. Access tokens must be kept confidential in transit and in storage. The only parties that should ever see the access token are the application itself, the authorization server, and the resource server. The access token can only be used over an HTTPS connection, since passing it over a non-encrypted channel would make it trivial for third parties to intercept. ...

July 13, 2017 · (updated January 16, 2022) · 5 min · Pradeep Loganathan

OAuth2

OAuth2 is an open authorization standard designed to provide an authentication and authorization protocol for the web. OAuth 2 was created with the intention of providing a way to grant limited access to protected content hosted by third-party services in a standardized and open manner.

March 11, 2017 · (updated December 21, 2024) · 4 min · Pradeep Loganathan