Overview

OAuth 2.0 allows a user to grant a third-party application access to their data (like a Google or GitHub profile) without sharing their password.

Key Roles

  • Resource Owner: The user.
  • Client: The application requesting access.
  • Authorization Server: The service that issues secure digital keys (tokens), e.g., Google.
  • Resource Server: The service holding the user's data.

Common Flow

'Sign in with Google' is a common implementation of OAuth 2.0 combined with identity layers like OpenID Connect.

Related Terms