OAuth is an open-standard authorization protocol (or framework) that describes how unrelated servers and services can safely allow authenticated access to their assets without the user handing the credentials for one service over to the other.
A familiar use of OAuth: you go to log on to a website, and it lets you log on through another service's login.
Using OAuth, a website (the first site) connects to a second website on behalf of the user, presenting the user's verified identity.
The second site generates a single-use request token and secret unique to the transaction.
The first site hands the request token and secret to the user's software (typically the browser).
The user's software presents the request token and secret to the user's authorization provider (which may be the second site, or another site).
The user is asked to approve the first site's access to the second site on their behalf.
The user approves.
The user is granted an access token (no longer a request token).
The user's software gives the access token to the first website.
The first website presents the access token to the second website as proof that the user authorized the access.
The second website grants the first website access on the user's behalf; the first site never sees the user's credentials for the second site.
The user views the result of the successful transaction.
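The steps above, simulated end to end as an added example (this is not code from the original page; it is an OAuth 2.0 authorization-code rendering of the flow, with the client ids, the callback URL and the in-memory stores made up for the illustration). The user's browser carries redirects between the first site and the second site; the second site plays both authorization server and resource server. It also shows the two checks a practitioner cares about: the code is single-use, and the callback is bound to the browser session that started the flow by the state parameter.

```python
"""Toy simulation of the flow above in OAuth 2.0 authorization-code form:
the client ("first site"), the authorization/resource server ("second
site"), and the browser carrying redirects between them. Names, URLs and
the in-memory stores are constructed for the example; no network is used."""
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

REDIRECT_URI = "https://first.example/callback"  # hypothetical client callback


class SecondSite:
    """Authorization server and resource server in one."""

    def __init__(self, clients):
        self.clients = clients  # client_id -> (client_secret, registered redirect_uri)
        self.codes = {}         # single-use authorization code -> (client_id, user, scope)
        self.tokens = {}        # access token -> (user, scope)

    def authorize(self, params, user, approved):
        """Front channel: the user, already logged in here, approves or denies.
        On approval a code bound to this client goes back via the redirect."""
        _, redirect_uri = self.clients[params["client_id"]]
        if params["redirect_uri"] != redirect_uri:
            raise ValueError("redirect_uri differs from registration; do not redirect")
        if not approved:
            return redirect_uri + "?" + urlencode({"error": "access_denied", "state": params["state"]})
        code = secrets.token_urlsafe(32)
        self.codes[code] = (params["client_id"], user, params["scope"])
        return redirect_uri + "?" + urlencode({"code": code, "state": params["state"]})

    def token(self, client_id, client_secret, code):
        """Back channel: client authenticates, then swaps the code for a token.
        pop() makes the code single-use, so a replayed code fails."""
        registered_secret, _ = self.clients.get(client_id, ("", ""))
        if not registered_secret or not hmac.compare_digest(client_secret, registered_secret):
            raise PermissionError("invalid_client")
        entry = self.codes.pop(code, None)
        if entry is None or entry[0] != client_id:
            raise PermissionError("invalid_grant")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = entry[1:]
        return token

    def resource(self, bearer):
        # The access token, not the user's password, is the proof of authorization.
        if bearer not in self.tokens:
            raise PermissionError("invalid_token")
        user, scope = self.tokens[bearer]
        return {"user": user, "scope": scope}


class FirstSite:
    """The client; it never learns the user's password for the second site."""

    def __init__(self, server, client_id, client_secret):
        self.server, self.client_id, self.client_secret = server, client_id, client_secret
        self.sessions = {}  # browser session -> state it must present on callback

    def start(self, session, scope):
        state = secrets.token_urlsafe(16)  # binds callback to this browser session (CSRF defence)
        self.sessions[session] = state
        return {"response_type": "code", "client_id": self.client_id,
                "redirect_uri": REDIRECT_URI, "scope": scope, "state": state}

    def callback(self, session, redirect_url):
        q = {k: v[0] for k, v in parse_qs(urlparse(redirect_url).query).items()}
        if q.get("state") != self.sessions.pop(session, None):
            raise PermissionError("state_mismatch")  # possible CSRF: discard the code
        if "error" in q:
            raise PermissionError(q["error"])
        token = self.server.token(self.client_id, self.client_secret, q["code"])
        return self.server.resource(token)


def outcome(fn, *args, **kwargs):
    """Result of fn, or the error name if some party refused."""
    try:
        return fn(*args, **kwargs)
    except PermissionError as e:
        return str(e)


def setup():
    server = SecondSite({"first-site": ("s3cret", REDIRECT_URI)})
    return server, FirstSite(server, "first-site", "s3cret")


def run_flow(approved=True):
    """The steps above end to end; returns what the first site can now read."""
    server, client = setup()
    redirect = server.authorize(client.start("browser-1", "read:photos"), "alice", approved)
    return client.callback("browser-1", redirect)


def replay_code():
    """Redeem the same code twice (e.g. one copy leaked via a referer header)."""
    server, client = setup()
    redirect = server.authorize(client.start("browser-1", "read:photos"), "alice", True)
    client.callback("browser-1", redirect)
    return outcome(server.token, "first-site", "s3cret", parse_qs(urlparse(redirect).query)["code"][0])


def forged_callback():
    """An attacker plants a callback from their own approval into a victim's session."""
    server, client = setup()
    attacker_redirect = server.authorize(client.start("attacker", "read:photos"), "mallory", True)
    client.start("victim", "read:photos")
    return outcome(client.callback, "victim", attacker_redirect)
```

run_flow() returns the resource the first site can read as alice; run_flow(approved=False) raises access_denied; replay_code() returns invalid_grant because the code was consumed on first use; forged_callback() returns state_mismatch, which is the check that stops an attacker from logging a victim's browser into the attacker's account at the second site.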
OpenID is like OAuth, but for authentication (its current form, OpenID Connect, is an identity layer built on top of OAuth 2.0). “OpenID is for humans logging into machines. OAuth is for machines logging into machines on behalf of humans”
Source: Authorization and Authentication flows
Authorization verifies what a user has access to.
Authentication verifies who a user is.
Authorization Code Flow: the app exchanges a short-lived authorization code for a token over a back channel, where it can authenticate with its client secret.
Authorization Code Flow with PKCE (Proof Key for Code Exchange): a grant type for applications that cannot securely store a client secret, like native or single-page apps.
Implicit Flow with Form Post: a flow that uses OpenID Connect (OIDC) to implement web sign-in without needing a secret; the ID token is returned directly from the authorization endpoint, which is why it is limited to sign-in and not used to obtain access tokens.
Client Credentials Flow: used by machine-to-machine (M2M) applications, which authenticate with their own credentials and are authorized on their own behalf rather than a user's.
Device Authorization Flow: for input-constrained devices; the user is asked to open a link on another device and enter a code in order to authorize the device.
Resource Owner Password Flow: users enter their username and password directly into the app, which forwards them to the authorization server; it is only for highly trusted first-party apps, since it gives up the main benefit of OAuth (not sharing credentials).
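PKCE, the mechanism behind the second flow above, as an added example (not code from the original page or from any identity provider): the client keeps a random code_verifier, sends only its SHA-256 hash as the code_challenge when asking for authorization, and presents the verifier at the token endpoint in place of a client secret. The server side here is a minimal stand-in written for this page and the client id is made up; the code_verifier/code_challenge pair used in the check comes from RFC 7636 Appendix B.

```python
"""PKCE (RFC 7636) for clients that cannot keep a secret: the client proves
at the token endpoint that it is the same party that started the
authorization request. Added example; the server side is a minimal stand-in
written for this page, not a real library, and client ids are made up."""
import base64
import hashlib
import hmac
import secrets


def make_verifier():
    # 43..128 unreserved chars; token_urlsafe(32) yields 43 of them
    return secrets.token_urlsafe(32)


def challenge_s256(verifier):
    """code_challenge = BASE64URL(SHA256(code_verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


class PkceAuthServer:
    def __init__(self):
        self.codes = {}  # authorization code -> (client_id, code_challenge)

    def authorize(self, client_id, code_challenge, method="S256"):
        """Front channel: remember the challenge alongside the issued code."""
        if method != "S256":
            raise ValueError("refuse 'plain': it sends the verifier itself in the request")
        code = secrets.token_urlsafe(32)
        self.codes[code] = (client_id, code_challenge)
        return code

    def token(self, client_id, code, code_verifier):
        """Back channel: no client secret; the verifier is the proof instead."""
        entry = self.codes.pop(code, None)  # single use
        if entry is None or entry[0] != client_id:
            raise PermissionError("invalid_grant")
        if not hmac.compare_digest(challenge_s256(code_verifier), entry[1]):
            raise PermissionError("invalid_grant")  # verifier does not match challenge
        return "at-" + secrets.token_hex(8)


def legitimate_exchange():
    server, verifier = PkceAuthServer(), make_verifier()
    code = server.authorize("mobile-app", challenge_s256(verifier))
    return server.token("mobile-app", code, verifier).startswith("at-")


def intercepted_code():
    """An app on the same phone that registers the same custom URL scheme can
    catch the code, but it never saw the verifier, so the exchange fails."""
    server, verifier = PkceAuthServer(), make_verifier()
    code = server.authorize("mobile-app", challenge_s256(verifier))
    try:
        server.token("mobile-app", code, make_verifier())  # attacker's own guess
    except PermissionError as e:
        return str(e)
    return "accepted"
```

The stand-in server refuses the RFC's optional "plain" method on purpose: with plain, the challenge is the verifier itself, so anyone who sees the authorization request can redeem the code. With S256 an attacker who captures the code (intercepted_code) still cannot exchange it, which is exactly what a public client gets instead of a client secret.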
Is one company involved that does all of this, and how do they make their money?