OAuth 2.0
OAuth 2.0 (RFC 6749) is an authorization framework for delegated access. It issues access tokens that say what a client may do; on its own it is not an authentication protocol and does not tell the client who the user is.
Overview
OAuth 2.0 lets a resource owner grant a client limited access to protected resources without sharing the owner's password. The four roles are the resource owner (the user or system that controls the resource), the client (the application requesting access), the authorization server (which authenticates the owner, records consent and issues tokens), and the resource server (which accepts access tokens and serves the resource). Grant types are selected by client type and trust level: the authorization code grant, with PKCE, for applications acting on a user's behalf; client credentials for machine-to-machine access where the client is itself the resource owner; and the refresh token grant for obtaining new access tokens without involving the user again. The implicit and resource owner password credentials grants of the original RFC 6749 are deprecated by the OAuth 2.0 Security Best Current Practice (RFC 9700).
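The following is an added example, not code from the original page or from any OAuth library. It simulates the authorization code grant with PKCE (RFC 7636) end to end in one process: a hypothetical client builds the front-channel request, a hypothetical in-memory authorization server issues a code bound to the client, redirect URI and PKCE challenge, and the client redeems it on the back channel. The client id "web-app", the URLs and the 60-second code lifetime are assumptions chosen for the example. The server's checks are the ones that separate a safe implementation from a broken one: exact redirect URI matching, state echoed back for the client to verify, codes that are short-lived and single-use, and a PKCE verifier that must match the challenge.

```python
import base64
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse


def b64url(raw: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires for the PKCE values."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def pkce_pair():
    """code_verifier: 32 random bytes -> 43 chars; code_challenge = BASE64URL(SHA256(verifier))."""
    verifier = b64url(secrets.token_bytes(32))
    return verifier, b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def query_params(url: str) -> dict:
    """First value of each query parameter in a URL."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


class AuthorizationServer:
    """Hypothetical in-memory authorization server; only the security checks are modelled."""
    CODE_TTL = 60  # seconds an authorization code stays valid (assumed value)

    def __init__(self, clock=time.time):
        self.clock = clock
        # Registered client (assumed): redirect URIs are matched exactly, never by prefix or pattern.
        self.clients = {"web-app": {"redirect_uris": {"https://app.example/cb"}}}
        self.codes = {}  # code -> binding of client, redirect_uri, PKCE challenge, owner, expiry

    def authorize(self, params: dict, resource_owner: str) -> str:
        """Front-channel request after the owner consented; returns the callback URL."""
        client = self.clients.get(params.get("client_id"))
        if client is None:
            raise ValueError("unknown client_id")
        if params.get("redirect_uri") not in client["redirect_uris"]:
            raise ValueError("unregistered redirect_uri")  # must not redirect anywhere in this case
        if params.get("response_type") != "code":
            raise ValueError("unsupported response_type")
        if params.get("code_challenge_method") != "S256" or not params.get("code_challenge"):
            raise ValueError("PKCE with S256 is required")
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": params["client_id"], "redirect_uri": params["redirect_uri"],
                            "challenge": params["code_challenge"], "owner": resource_owner,
                            "expires": self.clock() + self.CODE_TTL, "used": False}
        # state is echoed back unchanged so the client can bind the callback to its own request.
        return params["redirect_uri"] + "?" + urlencode({"code": code, "state": params["state"]})

    def token(self, form: dict) -> dict:
        """Back-channel exchange; RFC 6749 error responses are returned as {"error": ...}."""
        if form.get("grant_type") != "authorization_code":
            return {"error": "unsupported_grant_type"}
        rec = self.codes.get(form.get("code"))
        if rec is None or self.clock() > rec["expires"]:
            return {"error": "invalid_grant"}  # unknown or expired code
        if rec["used"]:
            del self.codes[form["code"]]  # replay: deny (RFC 6749 says also revoke tokens from it)
            return {"error": "invalid_grant"}
        if rec["client_id"] != form.get("client_id") or rec["redirect_uri"] != form.get("redirect_uri"):
            return {"error": "invalid_grant"}  # code was issued to a different client/redirect URI
        expected = b64url(hashlib.sha256(form.get("code_verifier", "").encode("ascii")).digest())
        if not secrets.compare_digest(expected, rec["challenge"]):
            return {"error": "invalid_grant"}  # verifier does not match the challenge sent earlier
        rec["used"] = True
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                "expires_in": 600, "scope": "read", "sub": rec["owner"]}


class Client:
    """Hypothetical client using the authorization code grant with PKCE."""
    CLIENT_ID = "web-app"
    REDIRECT_URI = "https://app.example/cb"

    def __init__(self, auth_server: AuthorizationServer):
        self.auth_server = auth_server
        self.pending = {}  # state -> code_verifier, kept in the client's own session store

    def start(self) -> str:
        verifier, challenge = pkce_pair()
        state = secrets.token_urlsafe(16)
        self.pending[state] = verifier
        return "https://as.example/authorize?" + urlencode({
            "response_type": "code", "client_id": self.CLIENT_ID, "redirect_uri": self.REDIRECT_URI,
            "scope": "read", "state": state, "code_challenge": challenge,
            "code_challenge_method": "S256"})

    def finish(self, callback_url: str) -> dict:
        q = query_params(callback_url)
        verifier = self.pending.pop(q.get("state", ""), None)  # one callback per request
        if verifier is None:
            raise ValueError("unknown state: callback is forged, replayed or not ours")
        return self.auth_server.token({"grant_type": "authorization_code", "code": q["code"],
                                       "redirect_uri": self.REDIRECT_URI, "client_id": self.CLIENT_ID,
                                       "code_verifier": verifier})


def run_flow(auth_server: AuthorizationServer = None) -> dict:
    """Happy path: client starts, the owner consents at the AS, the client redeems the code."""
    auth_server = auth_server or AuthorizationServer()
    client = Client(auth_server)
    callback = auth_server.authorize(query_params(client.start()), resource_owner="alice")
    return client.finish(callback)
```

run_flow() returns a Bearer token response for "alice". Calling the token endpoint a second time with the same code, with a wrong code_verifier, with a different redirect_uri, or after the code has expired returns invalid_grant, and a callback carrying a state the client never issued is rejected before any token request is made.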
Key Points
- Keep credentials and tokens protected: client secrets belong only to confidential clients and never in browser or mobile code; access tokens should be short-lived, sent only in the Authorization header over TLS and never in URLs or logs; refresh tokens should be rotated on each use so a stolen copy is detected when replayed.
- Prefer current standards and well-maintained libraries: the authorization code grant with PKCE (RFC 7636) for every client, the OAuth 2.0 Security Best Current Practice (RFC 9700), and a vetted OAuth library rather than a hand-rolled flow; the implicit and resource owner password grants are deprecated.
- Validate trust boundaries and expiration rules: the authorization server must match redirect URIs exactly, bind each authorization code to its client and PKCE challenge, and make codes single-use and short-lived; the client must check the state value on every callback; the resource server must verify the token's signature or introspection result, issuer, audience, scope and expiry before serving a request.