In any company of any non-trivial size, and even many smaller ones, authorization is a big deal that tends to permeate all the systems. For example, you don’t want most staff to be able to log into the payroll system and change salaries. But they can log in and look at their own records. That behavior requires authorization either way.
If you then add outside people or companies to that, it becomes even more complex. Most companies aren’t in the business of implementing their own distributed auth system, and wouldn’t be able to do a good job if they tried. So they buy an implementation of a standard system like OAuth.