Developer Glossary

Google OAuth

Auth & Identity

Google OAuth is Google's implementation of the OAuth 2.0 authorization framework, which allows users to sign in to third-party applications using their Google account without sharing their password. The "Sign in with Google" button that appears on countless websites and apps is powered by Google OAuth. For custom web application development, Google OAuth is one of the most commonly implemented authentication methods because most users already have a Google account. Beyond basic sign-in, Google OAuth also enables applications to request permission to access a user's Google data, like their Calendar events, Drive files, or Gmail, through scoped access tokens. This is how applications integrate with Google's entire ecosystem of services.


From Zero to Standard

OAuth as a protocol was not created by Google. It originated in 2006 when Blaine Cook, the lead developer at Twitter, and Chris Messina were working on the OpenID protocol and realized there was no open standard for API authorization. They collaborated with engineers from Google and other companies to develop OAuth 1.0, which was published in 2007. OAuth 2.0, a complete rewrite that simplified the protocol, was finalized in 2012 as RFC 6749. Google was one of the earliest and most aggressive adopters of OAuth 2.0, implementing it across all of its APIs and making "Sign in with Google" a standard feature of the web. Google's scale and developer documentation played a major role in OAuth 2.0 becoming the universal standard for API authorization.


The Technical Edge

The OAuth 2.0 specification was so contentious during its development that Eran Hammer, the lead author and editor of the spec, resigned from the project and published a scathing blog post titled "OAuth 2.0 and the Road to Hell." Hammer argued that the specification had been compromised by corporate interests, particularly from large companies like Google and Facebook, who pushed for a more flexible but less secure framework. He warned that the resulting spec was so broad and loosely defined that different implementations would be incompatible with each other. Despite the controversy, OAuth 2.0 became the dominant authorization standard, and Google's implementation became the reference that most developers follow.

Visit: developers.google.com/identity


