Understanding OAuth-2.0

Hello All.
I found a perfect and classic analogy to take you through the understanding of OAuth 2.0.
What is OAuth 2.0?
OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. It is an authorization framework that allows third-party applications to obtain limited access to a user’s resources on a web server without exposing the user’s credentials.
The “Valet Key” analogy refers to a scenario where an application is granted access to a user’s resources without requiring the user’s explicit involvement during the authorization process. Instead, the user has pre-authorized the application to access their resources.

One common example of the Valet Key pattern in OAuth 2.0 is when an application has access to read publicly available data from a user’s account. This access is typically limited and doesn’t involve sensitive data or actions that require user consent for each access.

Here’s a step-by-step example of how the Valet Key pattern works in OAuth 2.0:

In this scenario, a car owner has a very expensive car a Ford Mustang GT and he doesn’t want Valet to take a free ride of it, only limited to valet parking only.
Then he can give the valet key instead of the master key, which gives limited access to car functionalities. And the Valet will not be able to use other features of the car other than parking it.
The same goes with the services when a third-party application wants to see some of your data on a Google Drive and Google gives the keys just for the purpose of seeing those specific files not your while Google Drive Storage.
I hope you found the connecting dots in this example.