Thursday, April 23, 2015

OAuth

Ref: http://lifehacker.com/5918086/understanding-oauth-what-happens-when-you-log-into-a-site-with-google-twitter-or-facebook


Let's say you want to use an app to post to your Facebook account. You need to give the app access to your Facebook account so it can read your info and post on your behalf.
Instead of giving the app your Facebook username and password to log in with (a security concern, since the app would then hold your full credential), use OAuth.

Mechanism
1. The app (consumer) has to acquire 2 tokens from Facebook (the service):
    consumer key + consumer secret
These tokens identify the app to the service and are used to establish the connection between service and consumer.

2. When you use the app, it asks for your Facebook account: it redirects you to Facebook, where you enter your username and password (on Facebook's own site, not inside the app).

3. Facebook then asks whether you authorize the app to have permissions such as viewing your timeline, posting on your behalf, etc. When you click "authorize", it creates 2 tokens:
   Access token + Access Token Secret
These allow the app to access Facebook and do only the things you've allowed it to do.

Advantages:
1. Keeps third-party apps from doing things you don't want them to do.
2. Even if the app gets hacked, your Facebook credentials are not leaked. You can revoke the app's permission at any time by changing your Facebook settings.
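Here is an added example, not from the original post, of how the two secrets the post names are actually used once the app holds them: in OAuth 1.0 (RFC 5849) each request is signed with HMAC-SHA1 keyed by the consumer secret and the access token secret, and the service recomputes the signature instead of ever seeing a password. The URL, key and secret values are constructed for the demo, and the minimal `Service` class is a stand-in for Facebook; it also shows why revoking the token in your settings (advantage 2) stops the app immediately.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

def pct(value):
    return quote(str(value), safe="-._~")  # RFC 3986 unreserved set, as OAuth 1.0 requires

def signature_base_string(method, url, params):
    """Method, URL and the sorted, encoded parameters (oauth_signature excluded)."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(base_string, consumer_secret, token_secret):
    # HMAC-SHA1 keyed by consumer secret AND access token secret, base64-encoded
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base_string.encode(), hashlib.sha1).digest()).decode()

# Consumer side (the app): holds its consumer key/secret and the user's access token/secret.
def build_signed_request(method, url, params, consumer, token):
    oauth = {
        "oauth_consumer_key": consumer["key"],
        "oauth_token": token["key"],
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(int(time.time())),
        "oauth_nonce": secrets.token_hex(8),
        "oauth_version": "1.0",
    }
    all_params = {**params, **oauth}
    base = signature_base_string(method, url, all_params)
    all_params["oauth_signature"] = sign(base, consumer["secret"], token["secret"])
    return {"method": method, "url": url, "params": all_params}

# Service side (the Facebook stand-in): knows the secrets, never receives the user's password.
class Service:
    def __init__(self, consumers, tokens):
        self.consumers = consumers  # consumer_key -> consumer_secret
        self.tokens = tokens        # access_token -> (user, token_secret)

    def revoke(self, token_key):
        """What removing the app in the user's settings does: the token stops working."""
        self.tokens.pop(token_key, None)

    def verify(self, request):
        params = dict(request["params"])
        presented = params.pop("oauth_signature", "")
        consumer_secret = self.consumers.get(params.get("oauth_consumer_key"))
        token_entry = self.tokens.get(params.get("oauth_token"))
        if consumer_secret is None or token_entry is None:
            return False  # unknown app, or token revoked
        base = signature_base_string(request["method"], request["url"], params)
        return hmac.compare_digest(sign(base, consumer_secret, token_entry[1]), presented)
```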

