I am currently doing some research on OAuth and I was wondering whether OAuth2 Providers such as Facebook, Google, Twitter, etc... authenticate their own users through OAuth or whether they use OAuth for third party apps authorisation.
I'm certain that they use their internal OAuth2
system.
The better way to understand is to see the google
products. If you log-in on one product like mail
- url is https://mail.google.com/mail/u/1/#inbox
- you will instantly redirect to their oauth
system - something like https://accounts.google.com/signin/v2/identifier?
- for authentication. After that you can access their any product, be it drive
, docs
or youtube
where you have already authenticated.
Also, you can notice when you sign-in through google the similar oauth system
there too. The only difference it will return limited resources to the 3rd party applicaation.