What is OAuth and why do I care?

Most APIs support Basic Authentication, which accepts a username and a password to authenticate users. While simple for developers, end users shouldn't be expected to hand over their application passwords to third parties to make requests on their behalf. Security concerns aside, it's also a maintenance problem. Changing your password just to shut off one rogue site means you have to update all the sites using that password.

OAuth ditches the username and password for a single token that uniquely identifies a user and verifies their access.

For the GitHub API, which we'll use throughout this course, access tokens are 40-character strings.


Let's try an OAuth request. This is a simple call to the GitHub API to fetch a user's profile information by sending their token in the HTTP header. Run the code and reveal the actual username for our test account.
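
The request described above, as an added Python example (not the course's own exercise code). It assumes the `Authorization: token ...` header scheme and GitHub's `/user` endpoint; the token, the response body, the client name and the `send` hook are constructed for illustration so the block runs offline.

```python
import json
import re
import urllib.request

API_URL = "https://api.github.com/user"  # profile of whoever owns the token
TOKEN_RE = re.compile(r"[A-Za-z0-9_]{40}")  # 40-character tokens, as stated above

# Constructed sample values: not a real token or a real API response.
SAMPLE_TOKEN = "0123456789abcdef0123456789abcdef01234567"
SAMPLE_BODY = b'{"login": "example-user", "id": 1}'


def redact(token):
    """Return a form of the token that is safe to write to logs."""
    return token[:4] + "*" * (len(token) - 4)


def build_profile_request(token):
    """Build (but do not send) a profile request authenticated by token only."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("expected a 40-character access token")
    return urllib.request.Request(API_URL, headers={
        "Authorization": "token " + token,  # no username or password involved
        "Accept": "application/json",
        "User-Agent": "oauth-course-example",  # hypothetical client name
    })


def extract_login(body):
    """Pull the username out of the JSON profile document."""
    return json.loads(body)["login"]


def fetch_login(token, send=None):
    """Send the request; `send` is injectable so the example runs offline."""
    request = build_profile_request(token)
    if send is None:
        send = lambda req: urllib.request.urlopen(req, timeout=10).read()
    return extract_login(send(request))


if __name__ == "__main__":
    fake_send = lambda req: SAMPLE_BODY  # stands in for the network call
    print("token:", redact(SAMPLE_TOKEN))
    print("login:", fetch_login(SAMPLE_TOKEN, send=fake_send))
```

Calling `fetch_login` without `send` performs the real HTTPS request, so the token should come from an environment variable or secret store rather than from source code.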