OAuth

term

web devsecurityprivacy

Stands for: OAuth 2.0

A standard that lets an app access your data on another service without handling your password.

OAuth 2.0 is the "Log in with..." and "allow this app to..." flow: you authorize limited, revocable access, and the app receives a token rather than your credentials. OpenID Connect builds identity on top of it. Done right, it means one breach does not hand over your password everywhere.

Also known as: oauth, oauth2, oidc, openid connect, authorization code

All glossary entries