Authorization vs. authentication in OAuth
It is easy to confuse OAuth authorization with authentication.
- Authorization decides what an app can do.
- Authentication verifies a user’s identity.
OAuth is a token-based authorization method that allows Genesys Cloud organizations to share data with third-party applications without exposing user credentials to the app, or giving it the permissions an app user has.
OAuth performs authorization, to determine what an app can do. OAuth does not perform authentication to verify a user’s identity.
Authentication occurs when a user logs into Genesys Cloud, or logs in by means of a single-sign-on (SSO) provider. Afterward, if the user launches an app, OAuth ensures that an app has the authorization to access a user’s information in Genesys Cloud by means of a token. The app cannot take any action that the user does not have Genesys Cloud permission to perform. Often the scopes assigned to an app prevent it from performing activities that a user might be authorized to do.