Check out my post on OAuth 2.0, the famous access delegation mechanism employed by many big names such as Google, Facebook and Salesforce, which eliminates the need to share passwords between applications in order to exchange data. The post uses Google's OAuth Playground to detail the communication (authentication and authorization) that occurs between the client and the server when the client is trying to authenticate on behalf of the resource owner. It also draws a basic comparison with the earlier version of OAuth, 1.0, and presents a perspective on how things turned ugly when the lead author of the spec resigned!