Security Intermediate

What is OAuth 2.0?

An authorization framework that allows third-party applications to access user resources without sharing passwords.

OAuth 2.0 enables delegated authorization. Instead of sharing credentials, users authorize applications to access specific resources. The framework defines roles: resource owner (user), client (app), authorization server, and resource server.

Grant types include Authorization Code (web apps), Client Credentials (service-to-service), and Device Code (smart TVs). OAuth 2.0 is used by Google, Facebook, GitHub, and most major platforms for third-party access.

Learn More About This Topic

SOC Analyst Fundamentals

Related reading

SOC Analyst Advanced: Incident Response & Forensics

Related reading

Ethical Hacking & Penetration Testing

Related reading

Related Terms

The process of converting readable data into an unreadable format using algorithms, reversible only with the correct key.

A security model that requires strict identity verification for every user and device, regardless of their network location.

SAST (Static Application Security Testing)

Automated analysis of source code to find security vulnerabilities without executing the application.

Man-in-the-Middle Attack

An attack where the attacker secretly intercepts and potentially alters communication between two parties who believe they are communicating directly.

CORS (Cross-Origin Resource Sharing)

A browser security mechanism that controls which web domains can access resources from another domain via HTTP requests.

Webhook Signature Verification

A security mechanism that verifies webhook payloads are authentic and unmodified using cryptographic signatures.

View All Security Terms →