<style>
.textcolor {
  color: #274A6B
}
</style>

><span class="textcolor"><h6>
- Authentication, in simple terms, is the validation of your identity, which is provided by the service provider. If the identity is valid, you are given access to the target application. This prevents unauthorised access to the application.
- The authentication mechanism includes a client ID and a client secret. These two parameters are used to create a Bearer token, which is used when invoking the APIs. Never share your password when invoking APIs or communicating with the application.
</h6></span>

<span class="textcolor"><h6>**For Example:**</h6></span> <span class="textcolor"><h6>When one application would like to use the service of another application, instead of asking you to share your password, the target application uses a protocol called OAuth, which is used in Walmart.io.</h6></span>
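
<span class="textcolor"><h6>The Python below is an added example, not Walmart.io's own code: it shows how a client ID and client secret can be exchanged for a Bearer token and how that token is attached to an API call, assuming the standard OAuth 2.0 client credentials grant (RFC 6749, section 4.4). `TOKEN_URL`, the sample credentials and `SAMPLE_RESPONSE` are constructed placeholders, and the request is built but never sent.</h6></span>

```python
import base64
import time
import urllib.parse
import urllib.request

# Assumption: placeholder endpoint; the real token URL is not given on this page.
TOKEN_URL = "https://auth.example.invalid/oauth/token"
# Constructed sample of a token endpoint's JSON reply (RFC 6749, section 5.1).
SAMPLE_RESPONSE = {"access_token": "constructed-sample-token",
                   "token_type": "Bearer", "expires_in": 900}

def build_token_request(client_id, client_secret):
    """Build, without sending, a client-credentials token request."""
    # The secret goes in the Authorization header only, never in the URL,
    # so it does not end up in proxy or web-server access logs.
    pair = f"{urllib.parse.quote_plus(client_id)}:{urllib.parse.quote_plus(client_secret)}"
    basic = base64.b64encode(pair.encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"})

class BearerToken:
    """Holds an access token and refuses to use it once it has expired."""
    def __init__(self, response, now=None, skew=30):
        if str(response.get("token_type", "")).lower() != "bearer":
            raise ValueError("unexpected token_type")
        if not response.get("access_token"):
            raise ValueError("missing access_token")
        self._token = response["access_token"]
        issued = time.time() if now is None else now
        # Treat the token as expired `skew` seconds early to absorb clock drift.
        self.expires_at = issued + int(response.get("expires_in", 0)) - skew

    def auth_header(self, now=None):
        """Return the header to attach to an API call."""
        if (time.time() if now is None else now) >= self.expires_at:
            raise PermissionError("token expired; request a new one")
        return {"Authorization": f"Bearer {self._token}"}

    def __repr__(self):  # keep the token out of logs and tracebacks
        return f"<BearerToken [redacted] expires_at={int(self.expires_at)}>"

if __name__ == "__main__":
    req = build_token_request("sample-client-id", "sample-client-secret")
    print(req.get_method(), req.full_url, req.data.decode())
    token = BearerToken(SAMPLE_RESPONSE)
    print(token, list(token.auth_header()))
```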

<hr>
<span class="textcolor">####<h3>**How Authentication Works**</h3></span>

<span class="textcolor"><h6>OAuth helps streamline the process of authentication. The main points that OAuth addresses in the target application are:</h6></span>

><span class="textcolor"><h6>
- Do you, as an incoming user, have the right permissions?
- Have you been granted a way of verifying who you are and why you are accessing the data?
- Are you using your data for the right purpose?</h6></span>

<hr>
<span class="textcolor">####<h3>**More Information on OAuth**</h3></span>

><span class="textcolor"><h6>
- OAuth is an open-standard authorisation protocol or framework that provides applications with the ability for “secure designated access”.
For example: You can tell Facebook that it is OK for ESPN to access your profile or post updates to your timeline without having to give ESPN your Facebook password. This minimises risk in a major way, i.e., in the event that ESPN suffers a breach, your Facebook password remains safe.
- OAuth does not share any password over the network.
- OAuth uses an authorisation token to prove your identity between consumers and service providers.
- OAuth is an authorisation protocol that allows you to approve one application interacting with another on your behalf without giving away your password.
</h6></span>

<hr>
<span class="textcolor">####<h3>**Scenario**</h3></span>

<span class="textcolor"><h6>The Facebook application is a very good example of an OAuth use case.</h6></span>

<span class="textcolor"><h6>Consider a scenario where you are using an app on Facebook and it asks you to share your profile and photos. Facebook in this scenario is the service provider. It has your login data and your pictures. The application that is trying to access Facebook is the consumer. You give the consumer access to your Facebook photos, which is the work OAuth does in the background.</h6></span>

<span class="textcolor"><h6>OAuth is more about authorisation than authentication. Authorisation is seeking permission to perform a task. Authentication is proving that your identity is correct.</h6></span>

<span class="textcolor"><h6>See [OAuth Token](/docs/opd/oauthtoken) to understand how the OAuth token is used in Walmart.io.</h6></span>
<hr>

