Exam SY0-501 topic 1 question 635 discussion

C. OAuth uses authorization tokens to prove an identity between consumers and service providers. OAuth provides a simpler mobile experience, while SAML is geared towards enterprise security.

This is really confusing since OAuth does NOT deal with authentication, only authorization.

When you check in to a hotel, you get a key card which you can use to enter your assigned room. You can think of the key card as an access token. The key card says nothing about who you are, or how you were authenticated at the front desk, but you can use the card to access your hotel room for the duration of your stay. Similarly, an OAuth 2.0 access token doesn’t indicate who a user is, it just is the thing you can use to access data, and it may expire at some point in the future

OAuth is an open standard for authorization many companies use to provide secure access to protected resources. Instead of creating a different account for each web site you access, you can often use the same account that you've created with Google, Facebook, PayPal, Microsoft, or Twitter. Source: CompTIA Security+ Get Certified Get Ahead SYO-501 Study Guide, page 115 - Darril Gibson

In simple language, OAuth (Open Authorization) is an open standard for token-based authentication and authorization on the Internet. OAuth, which is pronounced “oh-auth,” allows an end user's account information to be used by third-party services, such as Facebook, without exposing the user's password.

"OAuth is an authentication protocol that allows you to approve one application interacting with another on your behalf without giving away your password."