OAuth 2.0

The OAuth 2.0 protocol is an open standard that lets applications ask users for access to just what they need and no more.

Quizlet supports draft 21 of OAuth 2.0 and uses "access tokens" per draft 8 of bearer tokens.

What is OAuth, exactly?

OAuth has been compared to a valet key:

Many luxury cars today come with a valet key. It is a special key you give the parking attendant and unlike your regular key, will not allow the car to drive more than a mile or two. Some valet keys will not open the trunk, while others will block access to your onboard cell phone address book. Regardless of what restrictions the valet key imposes, the idea is very clever. You give someone limited access to your car with a special key, while using your regular key to unlock everything.

Access Tokens

OAuth 2.0 uses "access tokens" to give 3rd-party applications access on behalf of a user. An access token is essentially a valet key: it gives one application limited access to a Quizlet user's data.

Quizlet access tokens last for 10 years, effectively giving 3rd-party applications access forever (without the user having to re-authorize). However, users can revoke this access at any time in their preferences.
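
Because a token this long-lived will normally stop working through revocation rather than expiry, a client has to recognise a rejected token from the response. The following is an added example, not Quizlet's code: it parses a Bearer WWW-Authenticate challenge using the error codes defined in the bearer token specification (RFC 6750). The sample headers, the scope name and the action strings are constructed, and this page does not show what Quizlet's API actually returns.

```python
import re

# key="quoted value" or key=token, as used in WWW-Authenticate auth-params.
_PARAM = re.compile(r'(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))')


def parse_bearer_challenge(header):
    """Return the parameters of a single Bearer challenge, or None."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        return None
    params = {}
    for key, quoted, bare in _PARAM.findall(rest):
        # Undo backslash escapes inside quoted strings.
        params[key.lower()] = re.sub(r"\\(.)", r"\1", quoted) if quoted else bare
    return params


def next_step(status, www_authenticate):
    """Decide what a client holding a long-lived token should do next."""
    if status < 400:
        return "ok"
    params = parse_bearer_challenge(www_authenticate or "")
    if params is None or status not in (400, 401, 403):
        return "fail"  # not a Bearer token error; do not guess
    error = params.get("error")
    if status == 401 and error in (None, "invalid_token"):
        # Revoked, expired or missing token: drop the stored copy, never retry it.
        return "discard_token_and_reauthorize"
    if status == 403 and error == "insufficient_scope":
        return "request_scope:" + params.get("scope", "")
    return "fix_request"  # e.g. invalid_request: a client bug, not a token problem


# Constructed sample responses (status, WWW-Authenticate header).
SAMPLES = [
    (200, None),
    (401, 'Bearer realm="api", error="invalid_token", '
          'error_description="The access token was revoked"'),
    (403, 'Bearer error="insufficient_scope", scope="example_scope"'),
]

if __name__ == "__main__":
    for status, header in SAMPLES:
        print(status, "->", next_step(status, header))
```

The parser handles one challenge per header value; a response that lists several schemes in one header would need splitting first.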

Create Set