Security Intermediate

What is OAuth 2.0?

An authorization framework that allows third-party applications to access user resources without sharing passwords.

OAuth 2.0 enables delegated authorization. Instead of sharing credentials, users authorize applications to access specific resources. The framework defines roles: resource owner (user), client (app), authorization server, and resource server.

Grant types include Authorization Code (web apps), Client Credentials (service-to-service), and Device Code (smart TVs). OAuth 2.0 is used by Google, Facebook, GitHub, and most major platforms for third-party access.
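The Authorization Code grant, traced through the four roles as an added example (not code from the original page). It is a single-process simulation: the client name, secret, URLs and resource data are constructed, and the `state`, `redirect_uri` and one-time `code` parameters follow RFC 6749. The client never handles the user's password, and the token it receives is limited to the scope the user approved.

```python
import hmac
import secrets

# Constructed sample data: one registered client and one user's resources.
CLIENTS = {"photo-printer": {"secret": "s3cr3t", "redirect_uri": "https://printer.example/cb"}}
RESOURCES = {"alice": {"photos": ["beach.jpg"], "contacts": ["bob"]}}

class AuthorizationServer:
    def __init__(self):
        self.codes, self.tokens = {}, {}

    def authorize(self, owner, client_id, redirect_uri, scope, state):
        """Resource owner approves; a one-time code goes back via the redirect."""
        if CLIENTS.get(client_id, {}).get("redirect_uri") != redirect_uri:
            raise PermissionError("redirect_uri not registered")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (owner, client_id, redirect_uri, scope)
        return f"{redirect_uri}?code={code}&state={state}"

    def token(self, client_id, client_secret, code, redirect_uri):
        """Client redeems the code for an access token; codes are single-use."""
        registered = CLIENTS.get(client_id, {}).get("secret", "")
        if not hmac.compare_digest(registered, client_secret):
            raise PermissionError("invalid_client")
        grant = self.codes.pop(code, None)  # pop: a replayed code finds nothing
        if grant is None or grant[1:3] != (client_id, redirect_uri):
            raise PermissionError("invalid_grant")
        token = secrets.token_urlsafe(24)
        self.tokens[token] = {"owner": grant[0], "scope": grant[3]}
        return token

def resource_server_get(auth, token, resource):
    """Resource server: serve only what the token's scope covers."""
    info = auth.tokens.get(token)
    if info is None or resource not in info["scope"]:
        raise PermissionError("insufficient_scope")
    return RESOURCES[info["owner"]][resource]

def run_flow():
    """Client: send the user to authorize, verify state, redeem the code."""
    auth = AuthorizationServer()
    state = secrets.token_urlsafe(8)  # ties the callback to this request
    cb = auth.authorize("alice", "photo-printer", "https://printer.example/cb", {"photos"}, state)
    params = dict(p.split("=", 1) for p in cb.split("?", 1)[1].split("&"))
    if params["state"] != state:
        raise PermissionError("state mismatch")
    token = auth.token("photo-printer", "s3cr3t", params["code"], "https://printer.example/cb")
    return auth, token, params["code"]
```
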

Related Terms

Supply Chain Attack
A cyberattack that targets less-secure elements in the software supply chain to compromise downstream users and organizations.
Rate Limiting
A technique that controls the number of requests a client can make to a server within a specified time period.
Phishing
A social engineering attack that uses fraudulent communications to trick people into revealing sensitive information or installing malware.
DDoS (Distributed Denial of Service)
An attack that floods a target server or network with traffic from multiple sources to overwhelm it and deny service to legitimate users.
Security Headers
HTTP response headers that instruct browsers to enable security features like XSS protection, framing prevention, and content type enforcement.
Data Loss Prevention (DLP)
A strategy and set of tools that detect and prevent unauthorized transmission of sensitive data outside an organization.