HTTP basic auth, digest auth and OAuth?

ajsie · Nov 1, 2010 · Viewed 9.2k times

Which one of basic auth, digest auth and OAuth should I use for my web application to let users access resources through RESTful API calls?

Isn't OAuth the better solution, replacing basic and digest auth?

Answer

Michael NL · Apr 19, 2013

Glossing over many details here but:

http basic: send username & password in the clear in Authorize header

http digest: send username & password, where the password has been hashed with a server-provided nonce

Both versions of OAuth were originally designed to grant 3rd parties access to resources that are not owned by them (e.g. I allow a mobile photo app to post to Facebook on my behalf) without having to give the 3rd party my credentials. Both of these protocols work basically as follows:

  • From mobile photo application, user is directed to login page of facebook
  • Once they have logged in, they are redirected back to the mobile photo app with a code.
  • The mobile photo app then redeems this code for an access token
  • The mobile photo app can then make requests to facebook to post my photos to my wall.
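The four steps above as an added Python sketch, not code from the answer or from any real provider: a toy authorization server stands in for the provider, with a constructed user account and one registered client id ("photo-app"). It shows that the third party only ever handles the code and the token, never the password, and that the code is single-use and bound to the client it was issued to.

```python
import secrets
from dataclasses import dataclass, field
# Constructed sample data: one user account and one registered third-party client.
USERS = {"alice": "correct horse battery staple"}          # username -> password
CLIENTS = {"photo-app": "https://photo.example/callback"}  # client_id -> redirect URI

@dataclass
class AuthServer:
    """Toy stand-in for the provider's login and token endpoints (the 'facebook' role)."""
    codes: dict = field(default_factory=dict)   # code  -> (user, client_id)
    tokens: dict = field(default_factory=dict)  # token -> (user, client_id)

    def login(self, username, password, client_id):
        # Steps 1-2: the user authenticates at the provider, never at the client;
        # the provider mints a short-lived code that the redirect carries back.
        if USERS.get(username) != password or client_id not in CLIENTS:
            return None
        code = secrets.token_urlsafe(16)
        self.codes[code] = (username, client_id)
        return code

    def exchange(self, code, client_id):
        # Step 3: the client redeems the code for a token. The code is deleted on
        # first use and must be presented by the client it was issued to.
        entry = self.codes.pop(code, None)
        if entry is None or entry[1] != client_id:
            return None
        token = secrets.token_urlsafe(24)
        self.tokens[token] = entry
        return token

    def resource(self, token):
        # Step 4: the API call is authorized by the token alone; the password
        # never reaches the client or this endpoint.
        entry = self.tokens.get(token)
        return None if entry is None else f"posted to {entry[0]}'s wall"

def run_flow():
    """Drive the four steps once and probe the checks the flow depends on."""
    provider = AuthServer()
    code = provider.login("alice", USERS["alice"], "photo-app")   # browser <-> provider
    token = provider.exchange(code, "photo-app")                  # client <-> provider
    second_code = provider.login("alice", USERS["alice"], "photo-app")
    return {
        "api_result": provider.resource(token),
        "code_replayed": provider.exchange(code, "photo-app"),               # None: single use
        "code_for_other_client": provider.exchange(second_code, "other-app"),  # None: wrong client
        "bogus_token": provider.resource("not-a-real-token"),                # None
    }
```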

oauth1.0a: more secure than oauth2, but more difficult to implement, and also requires all requests to be signed.

oauth2: relies on ssl for security and does not require request signing. While its lead author has abandoned the project because he feels it doesn't meet either of its original design goals (security, interoperability), it is widely used by Facebook and Google.

Here are some articles I found useful:

Not enough mojo yet to link to the rfcs but those are the definitive sources, if slightly indigestible.