Authentication without password on OAuth


Publishing date: 16-02-2011 - Copyright © George Enciu

OAuth (or Open Authentication) is a free protocol through which you can allow access to resources located on another site (images, videos, email addresses, bank accounts, etc.) without disclosing your login data (username and password) to the site that wants to access those shared resources.

Basically, it is a "valet key" or a "visitor's badge" that gives more restricted access to the personal resources held on a site than you get by accessing them directly on that site. The valet key (given to the person who parks your car) allows access to only certain features of the car, and for a short period; in the same way, a visitor's badge does not allow access to every room in a building.

Understanding the OAuth protocol requires knowing the following terms:

  • Resources - the private objects of a user, who wants to give other sites or applications selective access to them.
  • Service Provider - the party that supports all aspects of implementing the protocol and that gives other clients access to the resources it manages. It can be a photo storage site that lets other sites retrieve the images stored by a specific user. It can also be a site that stores all the personal data (name, email, phone, address) of a user. In general, it may be any service that offers storage of, and selective access to, private information. Typically, this service provider offers its services behind a login, with authentication by username and password.
  • The user - the one for whom this protocol was invented. The user has resources held by a service provider (images, video, contacts, messages) which he does not want to disclose, but which he wants to use on other sites. He is the one who decides which site will have access to his resources.
  • Consumer - the site from which you wish to access resources held by the service provider.
  • Token - the identifier through which the service provider communicates with the consumer. With it, the service provider knows which user's resources it should share.

Suppose that we have a Flickr account where we have stored a few images from the winter holiday, and we want these images printed by an online service. In this case flickr.com is the service provider, because it holds the resources that we share, using the OAuth protocol, with a site that offers printing services. To get the images stored on flickr.com to the printing site, we could download them manually and upload them there, but that would take too long. The printing site offers to fetch the photos automatically on our behalf. For this we would need to give that site our email address and password, so that it can request, on our behalf, the list of photos we have on Flickr. This is where the problem of security and trust in the printing site arises: once we provide a password, it can be stored on their servers, and someone can do damage.

This is where OAuth comes in. The process of obtaining information from Flickr without revealing the password to any site other than flickr.com is the following:

  1. We access the consumer site, in our case the one that provides the photo printing service.
  2. On it we will find a notice that it is willing to retrieve the pictures from flickr.com.
  3. To retrieve them we will be redirected to flickr.com.
  4. Being on flickr.com, and so in a safe place, we can authenticate using our email and personal password.
  5. After login, flickr.com will redirect us back to the website from which we started (the image printing site) and will provide it with a token.
  6. Using this token, the site will make requests to flickr.com on our behalf to access the photos that are to be printed.

The token is a unique, secure code which ensures that only images will be accessed from our account, and only for a finite period of time.
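The six steps above, as an added Python sketch that is not part of the original article and is neither Flickr's API nor the OAuth wire protocol: a toy in-memory provider issues a token limited to one kind of resource and to a finite lifetime. The class names, the sample account and the `scope` and `ttl` parameters are assumptions made for illustration.

```python
import hmac
import secrets
import time


class ServiceProvider:
    """Toy service provider (the role flickr.com plays in the article)."""

    def __init__(self):
        # Constructed sample account and resources.
        self._passwords = {"alice@example.com": "winter-2011"}
        self._resources = {"alice@example.com": {
            "photos": ["ski.jpg", "tree.jpg"],
            "contacts": ["bob@example.com"]}}
        self._grants = {}  # token -> (user, scope, expiry time)

    def authorize(self, user, password, scope, ttl=600, now=None):
        """Steps 4-5: the user logs in at the provider and approves one scope."""
        now = time.time() if now is None else now
        stored = self._passwords.get(user)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("login failed")
        token = secrets.token_urlsafe(32)  # random; contains no credentials
        self._grants[token] = (user, scope, now + ttl)
        return token  # delivered to the consumer by the redirect back

    def fetch(self, token, kind, now=None):
        """Step 6: the consumer presents only the token."""
        now = time.time() if now is None else now
        grant = self._grants.get(token)
        if grant is None:
            raise PermissionError("unknown token")
        user, scope, expires = grant
        if now >= expires:
            del self._grants[token]  # expired grants are dropped
            raise PermissionError("token expired")
        if kind != scope:
            raise PermissionError("token does not cover " + kind)
        return list(self._resources[user][kind])


class PrintShop:
    """The consumer: it holds a token, never the user's password."""

    def __init__(self, provider):
        self.provider, self.token = provider, None

    def photos_to_print(self, now=None):
        return self.provider.fetch(self.token, "photos", now)
```

With a token from `authorize(..., scope="photos")` stored in `PrintShop.token`, `photos_to_print()` returns the photo list, while `fetch(token, "contacts")` or any call at or after the expiry time raises `PermissionError`.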
