
OAuth Explained: The Simple Core Behind Complex Authentication

Hacker News

OAuth is fundamentally about delegated authentication - sending a multi-use secret to a known delegate with consent, then enabling that delegate to make subsequent requests on behalf of the user. This simple core concept has become obscured by decades of accumulated standards and security requirements.
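The core described above, reduced to code, as an added illustration that is not part of the original article and not a real OAuth implementation: a registered client (the known delegate) receives an opaque multi-use token only with the user's consent, and the resource server honours requests on the user's behalf purely on the strength of that token, its scope and its validity. All names, scopes and sample data are constructed for the example.

```python
"""Toy model of OAuth's core: consent -> token to a known delegate -> delegated requests."""
import secrets
import time
from dataclasses import dataclass


@dataclass
class Grant:
    user: str            # whose data the delegate may act on
    client_id: str       # which delegate the secret was issued to
    scopes: frozenset    # what the delegate may do (least privilege)
    expires_at: float    # a multi-use secret still has a bounded lifetime


class AuthorizationServer:
    def __init__(self):
        self.registered_clients = set()  # only known delegates can obtain tokens
        self.tokens = {}                 # opaque token -> Grant; nothing is encoded in the token

    def register_client(self, client_id):
        self.registered_clients.add(client_id)

    def authorize(self, user, client_id, requested_scopes, user_consents, ttl=3600):
        """Issue a token only to a registered client and only if the user consented."""
        if client_id not in self.registered_clients:
            raise PermissionError("unknown client")
        if not user_consents:
            raise PermissionError("user declined consent")
        token = secrets.token_urlsafe(32)  # high-entropy, unguessable secret
        self.tokens[token] = Grant(user, client_id, frozenset(requested_scopes), time.time() + ttl)
        return token

    def introspect(self, token):
        """Resolve a token to its grant; unknown or expired tokens yield None."""
        grant = self.tokens.get(token)
        if grant is None or grant.expires_at < time.time():
            return None
        return grant

    def revoke(self, token):
        self.tokens.pop(token, None)  # user withdraws consent; the delegate is cut off


class ResourceServer:
    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.timeline = {"alice": ["hello"]}  # constructed sample data

    def read_timeline(self, token):
        """Serve the request on the user's behalf; the user's password is never involved."""
        grant = self.auth_server.introspect(token)
        if grant is None or "timeline:read" not in grant.scopes:
            return None  # no valid grant, or a grant that does not cover this action
        return list(self.timeline.get(grant.user, []))
```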

When Twitter first explored OpenID in 2006, they discovered a critical limitation: desktop clients couldn't authenticate without passwords. This gap led to OAuth's creation as a standard solution for app authentication without sharing credentials. The standard emerged because every Web 2.0 company needed a way to handle third-party app access, but each had built insecure custom solutions.

OpenID Connect (OIDC) builds on OAuth by adding identity verification - functionally equivalent to magic link authentication where users prove access by showing a secret. The complexity comes from making these mechanisms secure and interoperable across countless use cases. OAuth's evolution from Twitter's internal needs to an IETF standard shows how practical engineering challenges drive authentication protocols. Understanding the 'why' behind OAuth's design - enabling secure delegation without password sharing - makes the 'how' much more comprehensible.