What is OAuth 2.0?
OAuth 2.0 is the industry-standard authorization protocol. It lets a third-party application access a user's data on the user's behalf without the user handing that application their credentials, and it is commonly used to provide secure API access and user authentication.
The OAuth 2.0 Authorization Framework was published as RFC 6749. You should be familiar with the concepts and terminology presented in this document.
Since then, several more recent RFCs and articles related to OAuth have been published, giving guidance on best practices for implementing OAuth 2.0.
Some notable examples include:
- JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7523)
- Proof Key for Code Exchange by OAuth Public Clients (RFC 7636)
- OAuth 2.0 for Native Apps (RFC 8252)
- OAuth 2.0 Security Best Current Practice (draft)
- The OAuth 2.1 Authorization Framework (draft)
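As an added illustration of one of the practices listed above (not code from the original page), the following Python shows the PKCE mechanism of RFC 7636: the client derives a `code_challenge` from a random `code_verifier`, sends the challenge with the authorization request, and the authorization server later checks that the verifier presented at the token endpoint matches the stored challenge. Function names here are my own; the test vector is the one from RFC 7636 Appendix B.

```python
import base64
import hashlib
import re
import secrets

# RFC 7636 section 4.1: code_verifier is 43..128 unreserved characters.
_VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def _b64url(data: bytes) -> str:
    """Base64url encoding without '=' padding, as required by RFC 7636."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def generate_code_verifier(n_bytes: int = 32) -> str:
    """Client side: 32 random bytes encode to a 43-character verifier."""
    return _b64url(secrets.token_bytes(n_bytes))


def code_challenge_s256(code_verifier: str) -> str:
    """S256 method: BASE64URL(SHA256(ASCII(code_verifier))) (RFC 7636 section 4.2)."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return _b64url(digest)


def authorization_request_params(client_id: str, redirect_uri: str, code_verifier: str) -> dict:
    """Client side: parameters added to the authorization request (section 4.3)."""
    return {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code_challenge": code_challenge_s256(code_verifier),
        "code_challenge_method": "S256",
    }


def verify_code_verifier(presented_verifier: str, stored_challenge: str) -> bool:
    """Authorization server side, token endpoint (section 4.6): reject malformed
    verifiers, then compare the recomputed challenge in constant time."""
    if not _VERIFIER_RE.match(presented_verifier):
        return False
    recomputed = code_challenge_s256(presented_verifier)
    return secrets.compare_digest(recomputed, stored_challenge)


if __name__ == "__main__":
    verifier = generate_code_verifier()
    params = authorization_request_params("example-client", "https://app.example/cb", verifier)
    print(params)
    print(verify_code_verifier(verifier, params["code_challenge"]))  # True
```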