What is Open Authorization (OAuth)?

Open Authorization (OAuth) is a widely used protocol that allows a third-party application, such as a SaaS service, to access resources in a user's accounts, devices, and identities on a web service without the user sharing their login credentials. It works by letting the user grant the third-party application permission to act on the web service on their behalf, using an access token. The access token carries a 'scope' of permissions within the user's account, which limits what the third-party app may control and operate in the SaaS service.

OAuth Security Concerns

While OAuth is a convenient way to share access to resources across different applications, it also raises security concerns. Because the access token stands in for the user's consent, an attacker who obtains it may be able to reach the user's account and data without the user's permission. This is why access tokens must be stored and transmitted securely, and why multi-factor authentication and other security measures should be used to protect against unauthorized access.
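An added example, not from this page or any product it describes, of how a resource server enforces the access-token checks described above (presence, revocation, expiry, intended audience and granted scope) before serving a request. The token store, scope names and audience are constructed placeholders standing in for an authorization server's token introspection endpoint (RFC 7662).

```python
from dataclasses import dataclass
from typing import Optional, Set, Tuple

# Fixed "current time" so the example is deterministic (constructed value).
NOW = 1_700_000_000


@dataclass
class TokenInfo:
    # Subset of the fields an introspection response carries (RFC 7662).
    active: bool       # False once the user or admin revokes the grant
    scope: Set[str]    # permissions the user actually consented to
    exp: int           # Unix time after which the token is invalid
    aud: str           # resource server the token was issued for


# Constructed stand-in for the authorization server's introspection endpoint,
# keyed by the opaque bearer token string.
INTROSPECTION_DB = {
    "tok-read-only": TokenInfo(True, {"files:read"}, NOW + 3600, "files-api"),
    "tok-expired": TokenInfo(True, {"files:read", "files:write"}, NOW - 60, "files-api"),
    "tok-other-api": TokenInfo(True, {"files:write"}, NOW + 3600, "calendar-api"),
    "tok-revoked": TokenInfo(False, {"files:read"}, NOW + 3600, "files-api"),
}

# Audience this resource server expects in every token it accepts.
MY_AUDIENCE = "files-api"


def introspect(token: str) -> Optional[TokenInfo]:
    """Look the token up; a real server would call the introspection endpoint."""
    return INTROSPECTION_DB.get(token)


def authorize(auth_header: Optional[str], required_scope: str, now: int = NOW) -> Tuple[int, str]:
    """Return (HTTP status, reason) for a request that needs required_scope."""
    if not auth_header or not auth_header.startswith("Bearer "):
        return 401, "missing bearer token"
    info = introspect(auth_header[len("Bearer "):].strip())
    if info is None or not info.active:
        return 401, "unknown or revoked token"        # stolen tokens die on revocation
    if info.exp <= now:
        return 401, "token expired"                   # short lifetimes limit exposure
    if info.aud != MY_AUDIENCE:
        return 403, "token issued for a different resource"
    if required_scope not in info.scope:
        return 403, "scope %s not granted" % required_scope  # enforce least privilege
    return 200, "ok"
```

Each rejection maps to one of the concerns in the paragraph above: a leaked token is only useful until it expires or is revoked, and even then only for the scope and audience the user consented to.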

OAuth is related to OpenID Connect (OIDC). OIDC is an authentication protocol built on top of the OAuth 2.0 framework and is used at the point of identity access to SaaS services, often through social accounts. However, commonly used non-social accounts also continue to add open authorization and open authentication support, which makes third-party access and scope a constantly changing environment.
