In the previous decade, Open Authorization (OAuth) has emerged as an industry-standard protocol for authorization. Today, almost, every web application, mobile application uses OAuth 2.0 (latest version of OAuth) for authorization.
OAuth 2.0 is used by tech giants like Facebook, Google, and Twitter. It allows the users to give information about their accounts with third-party applications or websites. It is also used to provide mechanisms for user authentication. So, this has led many developers and API providers to incorrectly conclude that OAuth is itself an authentication protocol and, thus, they use it to perform authentication. The question here is: are they right in doing that?