HomeIdentity Security Encyclopedia › OAuth 2.0

OAuth 2.0

OAuth 2.0

OAuth 2.0 is an open authorization framework that allows applications to obtain limited access to user accounts on third-party services without exposing user credentials.

IAM Protocol Authorization Standard

❓ What is OAuth 2.0?

OAuth 2.0 is an open authorization framework that allows applications to obtain limited access to user accounts on third-party services without exposing user credentials.

⚙️ How Does It Work?

The user grants permission to an application to access their resources on a server on their behalf. The authorization server issues an access token that the client uses to call APIs.

📍 Where Is It Used?

API authorization, Login with Google or Facebook, mobile app integrations, SaaS-to-SaaS data sharing.

💡 Real-World Example

A productivity app wants to read your Google Calendar. Instead of asking for your Google password, it redirects to Google's authorization server. You approve the specific read calendar permission. Google issues an access token — the app never sees your password.

🔗 Related Terms

OIDC JWT Authentication Authorization API Security
← NIST SP 800-207 Zero TrustOpenID Connect →

Stay Ahead in Identity Security

Get weekly IAM, PAM & IGA insights delivered to your inbox via Identity Pulse.

Subscribe to Identity Pulse →
Scroll to top