Introduction to OAuth 2.0
Like OpenID, OAuth is a decentralized protocol for the web space. However, while OpenID is about user authentication, OAuth is about web APIs authorization. To best understand OAuth, consider this scenario:
You have a web application that needs to access the Facebook timeline of its users. The application needs to call Facebook Web API to retrieve user timeline information. OAuth covers this scenario. The application redirects the user to Facebook where he/she is asked to log in; the mechanism by which a user logs in is irrelevant of OAuth (it could have been OpenID if Facebook supports it). Upon successful authentication, Facebook sends to the application an API key which the application then uses to authorize its access to Facebook’s API.