A common OAuth flow allows a third-party client to operate on behalf of a user without revealing the user's credentials, such as username and password, to the client.
The client first sends the user credentials to an authorization server, which:
- authenticates the user,
- obtains the user's authorization, and
- issues an access token which the client can use in interacting with a resource server.
To learn how to explore the Smart API with common third-party clients, see Exploring the Smart API.