OAuth 2.0
OAuth enables delegated authorization so apps can access resources without sharing passwords.
Updated: 2026-03-05
Definition
OAuth 2.0 is an authorization framework that lets a user grant an application access to resources without sharing their password.
It commonly uses access tokens and scopes to limit what an app can do.
Key points
- Authorization (not authentication)
- Uses access tokens and scopes
- Common in APIs and modern apps
Common mistakes
- Confusing OAuth with authentication; OpenID Connect (OIDC) adds identity.
- Overly broad scopes that increase risk.