OAuth is a token-based, open-standard access control framework. In conjunction with the OpenID Connect protocol, OAuth provides a federated single sign-on experience on the web. It is used extensively by social media sites such as LinkedIn, Facebook, and Twitter. Federated access control holds a lot of promise in IoT applications, and extensions to the OAuth protocol itself to support IoT use cases are being worked on by IEEE and IETF. At the time of writing, many IoT protocol extensions are also being worked on to fit into the OAuth authentication and authorization framework.
OAuth provides delegated access to resources using a Resource Owner (the entity that controls the data being exposed), an Authorization Server (issues, controls, and revokes OAuth tokens), a Client (the application, website, or other system that requests data on behalf of the resource owner), and a Resource Server (typically an API that exposes/stores...