# OAuth 2.0

1. OAuth is about authorization, specifically authorization between services.
2. Goal: an app wants to access a resource on behalf of the user.
3. Example

   ![](https://i.imgur.com/59FbC1e.png)

   3a. Car owner and valet

   ![](https://i.imgur.com/ku4Kx40.png)

   3b. Rather than giving the valet the master car key, the owner gives the valet a special key that grants limited/reduced access to the car.

   ![](https://i.imgur.com/b4Il8mk.png)

4. OAuth flow

   4a. service-a (sa: a photo print app) and service-b (sb: the Google Drive service) both trust the user but don't trust each other.

   4b. With OAuth, sa wants to get the user's data in sb. When sa sends the request to sb, sb asks the user for permission to let sa access the resource. If the user agrees, sb gives sa an "authorization token" (the valet key).

   4c. Each time sa asks for the user's data in sb, sa sends the request with the token. When sb recognizes the authorization token, sb allows the request.

   The familiar window shown when an app asks for your permission to get the user's Facebook information:

   ![](https://i.imgur.com/be9mDEV.png)

5. The token should be secure and contain the user info => JSON Web Token (JWT)

reference: [What is OAuth really all about - OAuth tutorial - Java Brains](https://www.youtube.com/watch?v=t4-416mg6iU&ab_channel=JavaBrains)

###### tags: `OAuth`
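Steps 4b, 4c and 5 above as an added Python example (not from the referenced video or from any OAuth library): sb issues a signed, scoped, expiring JWT-style token only after the user consents, then checks it on every request from sa. The key, user, client and scope names are constructed for illustration, and the hand-built HS256 token stands in for a real JWT library.

```python
import base64
import hashlib
import hmac
import json
import time

SB_KEY = b"constructed-demo-key"  # constructed secret, known only to sb

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    mac = hmac.new(SB_KEY, signing_input.encode(), hashlib.sha256)
    return b64(mac.digest())

def issue_token(user, client, scope, user_consents, ttl=300, now=None):
    """Step 4b: sb hands sa a token only if the user agreed."""
    if not user_consents:
        return None
    now = int(time.time()) if now is None else now
    header = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "client_id": client, "scope": scope, "exp": now + ttl}
    body = b64(json.dumps(claims).encode())
    return f"{header}.{body}.{sign(header + '.' + body)}"

def authorize(token, needed_scope, now=None):
    """Step 4c: sb checks the token on every request; returns the user or None."""
    now = int(time.time()) if now is None else now
    try:
        header, body, sig = token.split(".")
        # sb always verifies with its own key and algorithm; the header is not trusted
        if not hmac.compare_digest(sig, sign(header + "." + body)):
            return None  # forged or modified token
        claims = json.loads(unb64(body))
    except (AttributeError, TypeError, ValueError):
        return None  # missing or malformed token
    if claims["exp"] <= now:
        return None  # expired
    if needed_scope not in claims["scope"].split():
        return None  # the valet key does not open this door
    return claims["sub"]

if __name__ == "__main__":
    t = issue_token("alice", "photo-print-app", "photos.read", True)
    print(authorize(t, "photos.read"), authorize(t, "photos.delete"))
```

The scope claim plays the role of the valet key's reduced access: sa can read photos but cannot widen its own permissions, because any change to the claims invalidates sb's signature.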