Oh Auth, Open Authorization - 401-advanced-javascript-aimurphy/seattle-javascript-401n13 GitHub Wiki

OAuth is your valet key

authorization without sharing authentication:

I don't know you, but I will trust the provider on what you are allowed to do

If you have a really nice car with all the bells and whistles, you probably have a valet key--which I'd never heard of because I drive a base model Jetta. Anyhow, the valet key allows somebody, like a valet, limited access to your vehicle. It's kind of like a form of interface segregation (see wiki on SOLID principles) where you have the real key that gives you all the features, but your valet only needs to be able to park your car--not rummage through the trunk or check out your GPS or whatever fancy cars have.

OAuth does something similar. It creates a limited-access key that still tells the third party enough about you, the user, to validate you, but doesn't share all of your important stuff (like your password). So there are 3 major players:

  • Client, that's you, the user
  • Consumer, that's the 3rd party website
  • Service provider, the site where your resources are located

sources:

oauth2 simplified

build a node(simple rest) API w/ oauth

oauth2 with google APIs

oauth server side w/ google

openID on google

seriously, wikipedia