OAuth 2.0

E35337

OAuth 2.0 is an industry-standard authorization framework that enables applications to obtain limited access to user resources on HTTP services without exposing user credentials.


Observed surface forms (1)

Surface form Occurrences
Google account OAuth 1

Statements (47)

Predicate Object
instanceOf IETF standard
    authorization framework
    internet standard
allows third-party applications to access APIs on behalf of users
BearerTokenSpecifiedIn RFC 6750
category computer security protocol
    web authorization protocol
definesEndpoint authorization endpoint
    redirection endpoint
    token endpoint
definesGrantType authorization code grant
    client credentials grant
    implicit grant
    resource owner password credentials grant
definesRole authorization server
    client
    resource owner
    resource server
designedFor authorization
enables delegated access to protected resources
    limited access without sharing user credentials
influenced OpenID Connect
isExtendedBy OpenID Connect
        surface form: OpenID Connect Core
isUsedBy Facebook
        surface form: Facebook APIs
    GitHub
        surface form: GitHub APIs
    Google APIs
    Microsoft APIs
minimizes exposure of user credentials
notDesignedFor authentication
operatesOver HTTP
publishedYear 2012
replaces OAuth 1.0
requires user authorization for client access
securityDependsOn TLS
separates resource server from authorization server
standardizedBy Internet Engineering Task Force
standardizedIn RFC 6749
    RFC 6750
supports JavaScript applications
    extension grant types
    machine-to-machine applications
    native applications
    scopes for fine-grained access control
    web applications
tokenTypeDefinedIn Bearer token
uses access tokens
    refresh tokens

Referenced by (4)

Full triples — surface form annotated when it differs from this entity's canonical label.

Google Play Games loginMethod OAuth 2.0
this entity surface form: Google account OAuth