OAuth 2.0
An authorization framework that enables applications to obtain limited access to user accounts on third-party services.
How OAuth 2.0 Works
OAuth 2.0 is an authorization framework that enables third-party applications to obtain limited access to a user's account on a web service. It works by delegating user authentication to the service that hosts the user account and letting that service authorize third-party applications to access the account, so the application receives an access token scoped to what the user approved rather than the user's credentials.
Key Components
- Resource Owner: The user who authorizes an application to access their account
- Client: The application requesting access to the user's account
- Authorization Server: The server that authenticates the user and issues access tokens
- Resource Server: The server hosting the protected resources
Common OAuth 2.0 Flows
- Authorization Code: The most secure flow for confidential (server-side) clients; the client exchanges a short-lived code for tokens directly with the authorization server
- Client Credentials: For machine-to-machine access where no user is involved; the client authenticates with its own credentials
- Authorization Code with PKCE: The Authorization Code flow extended with Proof Key for Code Exchange (RFC 7636), for public clients (mobile/SPA) that cannot keep a client secret
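The Authorization Code flow with PKCE, as an added example that is not part of the original page: the client derives an S256 code_challenge from a random code_verifier and sends it in the authorization request; the authorization server later recomputes the challenge from the verifier presented at the token endpoint. The endpoint URL, client_id and redirect_uri are placeholders.

```python
"""PKCE (RFC 7636) for the Authorization Code flow, client and server sides."""
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

AUTHZ_ENDPOINT = "https://authz.example.test/authorize"  # placeholder


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier() -> str:
    """Client: 43..128 unreserved chars; 32 random bytes give 43 base64url chars."""
    return b64url(secrets.token_bytes(32))


def code_challenge_s256(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorization_url(client_id: str, redirect_uri: str, verifier: str, state: str) -> str:
    """Client: authorization request carrying the challenge, never the verifier."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "profile",
        "state": state,  # binds the callback to this browser session (CSRF protection)
        "code_challenge": code_challenge_s256(verifier),
        "code_challenge_method": "S256",
    }
    return f"{AUTHZ_ENDPOINT}?{urlencode(params)}"


def server_verify_pkce(stored_challenge: str, stored_method: str, presented_verifier: str) -> bool:
    """Authorization server: check at the token endpoint that the verifier matches
    the challenge stored with the issued authorization code."""
    if stored_method != "S256":
        return False  # 'plain' is allowed by the RFC but offers no protection; reject it here
    if not 43 <= len(presented_verifier) <= 128:
        return False
    return hmac.compare_digest(code_challenge_s256(presented_verifier), stored_challenge)
```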