OAuth 2.0
Definition
An authorization framework that enables third-party applications to obtain limited access to a user's resources on another service without exposing the user's credentials.
OAuth 2.0 is the industry-standard protocol for authorization, allowing users to grant third-party applications access to their resources on a service provider without sharing their passwords. When you click "Sign in with Google" on a website, OAuth 2.0 is the protocol enabling that interaction. The user authenticates directly with Google and authorizes the application to access specific information.
The OAuth 2.0 flow involves several parties: the resource owner (user), the client application requesting access, the authorization server that authenticates the user and issues tokens, and the resource server that hosts the protected resources. The most common flow for web applications is the Authorization Code Grant, where the user is redirected to the authorization server, approves the request, and the client receives a short-lived authorization code that is exchanged for access and refresh tokens.
OAuth 2.0 scopes define the specific permissions being requested, such as read-only access to a user's email or write access to their calendar. Security best practices include using PKCE (Proof Key for Code Exchange) to prevent authorization code interception attacks, storing tokens securely, implementing token rotation, and requesting only the minimum scopes necessary for the application's functionality.
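The Authorization Code Grant with PKCE described above, as an added example (not code from the original entry): the client derives an S256 code_challenge from a random code_verifier, sends it with a state value and minimal scopes, checks the state on the callback, and the authorization server recomputes the challenge at the token endpoint. Endpoint URLs, client ID, and scope names are assumed placeholders; the fixed verifier/challenge pair in the comments is the test vector from RFC 7636.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse


def b64url(data: bytes) -> str:
    # base64url without '=' padding, the encoding RFC 7636 specifies
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_pkce_pair(nbytes=32):
    # Client side: random code_verifier (43 chars from 32 bytes) and its
    # S256 code_challenge; only the challenge is sent in the front-channel
    verifier = b64url(secrets.token_bytes(nbytes))
    return verifier, b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorization_url(authorize_endpoint, client_id, redirect_uri,
                            scopes, state, code_challenge):
    # Authorization request: minimum scopes, a fresh state, and the challenge
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{authorize_endpoint}?{urlencode(params)}"


def extract_code(redirect_url, expected_state):
    # Client side on callback: reject a mismatched state (CSRF guard)
    # before using the authorization code; returns None on mismatch
    qs = parse_qs(urlparse(redirect_url).query)
    if qs.get("state", [None])[0] != expected_state:
        return None
    return qs.get("code", [None])[0]


def verify_pkce(stored_challenge, presented_verifier):
    # Authorization server side at the token endpoint: recompute S256 over the
    # verifier sent with the code and compare in constant time.
    # RFC 7636 vector: verifier dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk
    # must match challenge E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM
    recomputed = b64url(hashlib.sha256(presented_verifier.encode("ascii")).digest())
    return secrets.compare_digest(recomputed, stored_challenge)
```

An attacker who intercepts the authorization code but not the verifier cannot pass verify_pkce, which is the interception attack PKCE closes.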