Written by one of OAuth's original creators, this post explains the core purpose and historical motivation behind OAuth in plain terms. Starting from a 2006 Twitter use case, it frames OAuth as a standardized way to send a multi-use secret to a delegate with consent, and for that delegate to make requests on behalf of the user. OpenID Connect (OIDC) is described as functionally equivalent to magic-link authentication. The post argues that OAuth's complexity obscures its simple goals, and that understanding the 'why' before the 'how' is key to working with it effectively.