OAuth
Industry-standard delegation protocol — lets a user authorise an app to access their data without sharing a password.
Definition
OAuth 2.0 separates authentication from authorization: instead of giving an app your password, you authorise it for a specific scope at the provider's consent screen, and the app receives a short-lived access token plus a refresh token. OAuth underpins Google, Microsoft, GitHub, and most SaaS API integrations. The Authorization Code flow with PKCE is the recommended flow for public clients (mobile and single-page apps that cannot keep a client secret).
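How PKCE binds an authorization code to the client that requested it, as an added Python example (not the page's or any provider's code): the client derives an S256 challenge from a random verifier, the authorization server stores the challenge alongside the code it issues, and the token endpoint redeems the code only for whoever presents the matching verifier. The in-memory `codes` store and the code value are constructed for the simulation.

```python
import base64
import hashlib
import hmac
import secrets
import string

# Characters RFC 7636 allows in a code_verifier (the "unreserved" set).
_UNRESERVED = set(string.ascii_letters + string.digits + "-._~")


def _b64url(raw: bytes) -> str:
    """Base64url without '=' padding, as PKCE requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_code_verifier() -> str:
    """Client side: 32 random bytes give a 43-char verifier that never leaves the device."""
    return _b64url(secrets.token_bytes(32))


def make_code_challenge(verifier: str) -> str:
    """Client side: S256 challenge sent in the authorization request."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def verify_pkce(stored_challenge: str, method: str, verifier: str) -> bool:
    """Server side, at the token endpoint: does the presented verifier
    reproduce the challenge that was bound to the authorization code?"""
    if not (43 <= len(verifier) <= 128) or not set(verifier) <= _UNRESERVED:
        return False
    if method == "S256":
        expected = make_code_challenge(verifier)
    elif method == "plain":  # permitted by the RFC, but gives no protection if the code leaks
        expected = verifier
    else:
        return False
    return hmac.compare_digest(expected, stored_challenge)


def run_flow(presented=None) -> bool:
    """Simulate one round trip; pass a foreign verifier to see a stolen code rejected."""
    verifier = make_code_verifier()                # client keeps this
    challenge = make_code_challenge(verifier)      # client sends this
    # Authorization server: issue a (constructed) code and remember its challenge.
    codes = {"constructed-code-123": {"challenge": challenge, "method": "S256"}}
    # Token request: the code is single-use, so pop it; then check the verifier.
    entry = codes.pop("constructed-code-123")
    return verify_pkce(entry["challenge"], entry["method"],
                       verifier if presented is None else presented)
```

A party that intercepts only the code (for example via a hijacked redirect) holds no verifier, so the token endpoint refuses the exchange.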
When to use
See also
- SSO — Single sign-on — log in once with your identity provider and access many apps without re-authenticating.
- bearer token — An API credential passed in the HTTP Authorization header — the holder is presumed authorised, no further proof.