oauth cheat sheet

Allows deferring an authorization request to another server. Designed for a server to authorize another server, not initially for user authorization.

A server, A, can request resources from another server, B, for which you also have an account. Rather than refusing server A's request, server B can send you a notice asking if you agree that Server A has access to these specific resources (and no others). If you agree, then server B creates a session token with the appropriate, restricted authorizations to server A. Server A then uses this token to get access to the limited resources that you authorized.

Typically, could be read access to a very specific file or files. Typically this token will expire in a day as well,