# oauth

Oauth is an authentication protocol used for [[web services]]. It was created as a way to get around basic HTTP authentication with a username and password.


## Oauth roles

resource owner
: entity capable of granting access to a protected resource

resource server
: server hosting protected resource

client
: application making request on behalf of resource owner

authorization server
: server issuing tokens for client


## Flow     :ATTACH:

[[Screenshot from 2021-07-18 12-38-48.png]]


## Links

-   [spec](https://datatracker.ietf.org/doc/html/rfc6749)