Semicolony ELI5 · comic

OAuth (“sign in with…”).

A valet key: you let an app do one specific thing without ever handing over your real password.

  1. Your password? …no.

    An app wants your photos. The old way would be to hand it your password — the keys to everything.

  2. It’s me. Here’s my real key.

    Instead you go to the one you already trust (say, Google) and prove who you are there.

  3. May I have his photos?

    The app never sees that sign-in. It just asks the trusted service on your behalf.

  4. Photos only.
    [Panel: consent screen, “Allow photo app to:” with the options “see your photos” and “read your email”]

    You approve exactly what it may touch — “photos only, not your email.”

  5. photo app token

    The service hands the app a limited key (a token), not your password.

  6. Revoke? Done.

    The app uses that key for its one job — and you can revoke it any time without changing your password.
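
The six panels as a small Python model, added here as an illustration and not part of the original comic. `TrustedService`, `run_comic`, the user `sam` and all sample data are hypothetical, and the redirects and wire messages of real OAuth are left out.

```python
import secrets

class TrustedService:
    """Toy model of the trusted service in the comic; not a real OAuth server."""
    def __init__(self, passwords, data):
        self._passwords = passwords   # user -> password (constructed; never leaves here)
        self._data = data             # user -> {scope: resource}
        self._tokens = {}             # token -> (user, granted scopes)

    def sign_in_and_approve(self, user, password, requested, approved):
        """Panels 2-5: the user signs in here, approves scopes, the app gets a token."""
        stored = self._passwords.get(user, "")
        if not secrets.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("sign-in failed")
        # The token never covers more than was both requested and approved.
        granted = frozenset(requested) & frozenset(approved)
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (user, granted)
        return token

    def fetch(self, token, scope):
        """Panel 6: the token opens only what was approved."""
        if token not in self._tokens:
            raise PermissionError("unknown or revoked token")
        user, granted = self._tokens[token]
        if scope not in granted:
            raise PermissionError("token does not cover " + scope)
        return self._data[user][scope]

    def revoke(self, token):
        """Panel 6: revoking kills the token; the password is untouched."""
        self._tokens.pop(token, None)

def run_comic():
    service = TrustedService({"sam": "correct-horse"},
                             {"sam": {"photos": ["beach.jpg"], "email": ["inbox"]}})
    # The app asks for photos and email; the user approves photos only.
    token = service.sign_in_and_approve("sam", "correct-horse",
                                        requested={"photos", "email"}, approved={"photos"})
    results = {"photos": service.fetch(token, "photos")}
    for label, scope, revoke_first in (("email", "email", False),
                                       ("after_revoke", "photos", True)):
        if revoke_first:
            service.revoke(token)
        try:
            results[label] = service.fetch(token, scope)
        except PermissionError as err:
            results[label] = str(err)
    return results

if __name__ == "__main__":
    print(run_comic())
```

The app side only ever holds `token`; the password is passed to `TrustedService` by the user and appears nowhere else.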

How “sign in with…” lets an app act for you without ever seeing your password.
Semicolony semicolony.dev/eli5/oauth/comic