OAuth is an authorization framework whose authorization flows let unrelated servers access authenticated resources without sharing any passwords. An application authenticates with a third-party service and receives an access token in exchange, which it passes with an HTTP request to access protected content.

In this lesson, we will learn how to implement OAuth 2.0, which is a rewrite of OAuth 1.0 that simplifies the process and introduces the following four OAuth Roles:

  • Resource Owner: the user who authorizes an application to access an account
  • Resource Server: the API server that accepts access tokens and verifies their validity
  • Authorization Server: the server that issues access tokens
  • Client: the application that requests the access tokens
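
The four roles above, modelled as in-memory objects in an added example (not code from the lesson). The names `AuthorizationServer`, `ResourceServer`, `Client`, `photo-app`, the `profile:read` scope and the 60-second token lifetime are assumptions made for illustration, and the Resource Owner's approval step is reduced to a single call.

```javascript
const { randomBytes } = require('node:crypto');

// Authorization Server: issues access tokens and remembers what each one allows.
class AuthorizationServer {
  constructor() { this.tokens = new Map(); }
  // Runs only after the Resource Owner has approved this client and scope.
  issueToken(ownerId, clientId, scope, ttlMs = 60000) {
    const token = randomBytes(32).toString('hex'); // opaque and unguessable
    this.tokens.set(token, { ownerId, clientId, scope, expiresAt: Date.now() + ttlMs });
    return token;
  }
  lookup(token, now = Date.now()) {
    const rec = this.tokens.get(token);
    return rec && rec.expiresAt > now ? rec : null; // unknown or expired -> null
  }
}

// Resource Server: accepts access tokens and verifies their validity.
class ResourceServer {
  constructor(authServer, records) { this.authServer = authServer; this.records = records; }
  getProfile(headers, now = Date.now()) {
    const m = /^Bearer ([0-9a-f]{64})$/.exec(headers.authorization || '');
    if (!m) return { status: 401, body: 'missing or malformed bearer token' };
    const rec = this.authServer.lookup(m[1], now);
    if (!rec) return { status: 401, body: 'invalid or expired token' };
    if (!rec.scope.includes('profile:read')) return { status: 403, body: 'insufficient scope' };
    return { status: 200, body: this.records[rec.ownerId] };
  }
}

// Client: holds a token and sends it with each request. It never sees a password.
class Client {
  constructor(id, resourceServer) { this.id = id; this.resourceServer = resourceServer; this.token = null; }
  fetchProfile(now) {
    return this.resourceServer.getProfile({ authorization: `Bearer ${this.token}` }, now);
  }
}

// Constructed sample data: Resource Owner "alice" and her protected record.
function demo() {
  const authServer = new AuthorizationServer();
  const api = new ResourceServer(authServer, { alice: { email: 'alice@example.test' } });
  const app = new Client('photo-app', api);
  const before = app.fetchProfile();                      // no token yet
  app.token = authServer.issueToken('alice', app.id, ['profile:read']); // alice approved
  const granted = app.fetchProfile();
  const expired = app.fetchProfile(Date.now() + 120000);  // past the token lifetime
  return { before: before.status, granted, expired: expired.status };
}
```

The Resource Server rejects the request when the token is absent, expired, or lacks the required scope, so a token is only as powerful as the scope and lifetime the Authorization Server attached to it.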
