OAuth2 - 401-advanced-javascript-jv/seattle-javascript-401d30 GitHub Wiki

OAuth2 is an authorization standard which provides a way for a user to allow an app/server to access that user's information on another server.

It is not, however, an authentication standard.

The difference between the two is that authentication is the process where a user proves they are who they say they are. Authorization is when an authenticated user allows access to some resource(s) that are only accessible to that user.

The short story for OAuth2: Use a well-known library for implementation. Creating your own OAuth2 solution is likely to create security holes because the standard is notoriously difficult to implement.