Answer

OAuth 2.0 is an authorization framework that lets a third-party application obtain limited access to a user's resources on another service without the user handing over their password. Example: "Sign in with Google". The app receives a token granting access to your Google profile and never sees your Google password.

Key roles: Resource Owner (the user), Client (the app), Authorization Server (issues tokens, e.g. Google's auth server), Resource Server (the API being accessed).

Grant types (flows): Authorization Code (the most secure choice for web and mobile apps: the browser only ever sees a short-lived, single-use code, which the app exchanges for tokens on the back channel), PKCE (originally an extension for public clients such as SPAs and mobile apps that cannot keep a client secret; now recommended for every client that uses the authorization code flow, because it binds the code to the client that requested it), Client Credentials (machine-to-machine, no user involved), Device Code (TVs, CLIs and other input-constrained devices). Whatever the flow, the client must also verify the state parameter on the callback so an attacker cannot splice their own authorization response into the user's session.

Tokens: Access Token (short-lived, sent to APIs as a bearer credential), Refresh Token (longer-lived, exchanged for new access tokens; store it as carefully as a password).

OAuth 2.0 is for authorization (what the app may do), not authentication (who the user is). Combine it with OpenID Connect (OIDC), which layers an ID Token on top of the same flows, when you need a verified identity.
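The authorization code flow with PKCE described above, as an added worked example that is not part of the original answer and not any provider's code. It models both sides of the exchange offline: the client generates the PKCE verifier/challenge pair and the state value, builds the front-channel authorization request, checks state on the callback, and redeems the code on the back channel; a constructed toy authorization server enforces single use of the code and the S256 binding. The endpoint URLs, client_id and redirect_uri are assumed values, and the toy server deliberately omits user login, consent and client authentication, which a real server would also require.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical endpoint and client registration (assumed values, not from any real provider).
AUTH_ENDPOINT = "https://auth.example.com/authorize"
CLIENT_ID = "demo-spa"
REDIRECT_URI = "https://app.example.com/callback"


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding RFC 7636 uses for verifier and challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def compute_challenge(verifier: str) -> str:
    """S256 method: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def make_pkce_pair() -> Tuple[str, str]:
    """32 random bytes encode to a 43-character verifier, the RFC 7636 minimum length."""
    verifier = b64url(secrets.token_bytes(32))
    return verifier, compute_challenge(verifier)


def build_authorization_url(state: str, code_challenge: str, scope: str = "openid profile") -> str:
    """Front-channel request the client redirects the user's browser to."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,                    # ties the callback to this browser session
        "code_challenge": code_challenge,  # commits to the verifier without revealing it
        "code_challenge_method": "S256",
    }
    return f"{AUTH_ENDPOINT}?{urlencode(params)}"


def parse_callback(url: str) -> Dict[str, str]:
    """Extract code and state from the redirect back to the client."""
    q = parse_qs(urlparse(url).query)
    return {"code": q["code"][0], "state": q["state"][0]}


class ToyAuthorizationServer:
    """Constructed stand-in for the authorization server: only the redirect_uri and PKCE
    checks, with no user login, consent UI or client authentication."""

    def __init__(self) -> None:
        # code -> (client_id, redirect_uri, code_challenge) recorded at authorization time
        self._pending: Dict[str, Tuple[str, str, str]] = {}

    def authorize(self, url: str) -> str:
        """Handle the authorization request; return the redirect URL carrying the code."""
        q = parse_qs(urlparse(url).query)
        if q.get("response_type") != ["code"] or q.get("code_challenge_method") != ["S256"]:
            raise ValueError("unsupported authorization request")
        code = b64url(secrets.token_bytes(24))
        self._pending[code] = (q["client_id"][0], q["redirect_uri"][0], q["code_challenge"][0])
        return f"{q['redirect_uri'][0]}?{urlencode({'code': code, 'state': q['state'][0]})}"

    def token(self, code: str, client_id: str, redirect_uri: str,
              code_verifier: str) -> Optional[Dict[str, object]]:
        """Back-channel exchange: the code is single use and must match the original challenge."""
        entry = self._pending.pop(code, None)
        if entry is None:
            return None  # unknown, expired or already redeemed code
        cid, ruri, challenge = entry
        if cid != client_id or ruri != redirect_uri:
            return None  # code was issued to a different client/redirect
        if not hmac.compare_digest(compute_challenge(code_verifier), challenge):
            return None  # whoever holds the code does not hold the verifier
        return {
            "access_token": b64url(secrets.token_bytes(32)),
            "token_type": "Bearer",
            "expires_in": 600,  # short-lived access token
            "refresh_token": b64url(secrets.token_bytes(32)),
        }


def client_flow(server: ToyAuthorizationServer,
                intercepted_code: bool = False) -> Optional[Dict[str, object]]:
    """Run the flow from the client's side. With intercepted_code=True, simulate an attacker
    who captured the callback (the code) but not the verifier kept in the client's session."""
    verifier, challenge = make_pkce_pair()
    state = b64url(secrets.token_bytes(16))
    cb = parse_callback(server.authorize(build_authorization_url(state, challenge)))
    if not hmac.compare_digest(cb["state"], state):
        raise ValueError("state mismatch, dropping callback")  # login-CSRF check
    presented = b64url(secrets.token_bytes(32)) if intercepted_code else verifier
    return server.token(cb["code"], CLIENT_ID, REDIRECT_URI, presented)


if __name__ == "__main__":
    srv = ToyAuthorizationServer()
    print("legitimate client:", client_flow(srv))
    print("intercepted code :", client_flow(srv, intercepted_code=True))
```

The two failure modes worth noticing are the ones the toy server refuses: redeeming a code twice returns nothing, and a captured code is useless without the verifier, which never left the client. A confidential client would additionally authenticate to the token endpoint; PKCE does not replace that, it protects the code in transit on the front channel.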