OAuth is a delegated authorization framework that lets one application access resources on a user's behalf without sharing the user's password.
OAuth is a framework for delegated authorization. In plain language, it lets one application obtain limited access to a user’s data or actions in another system without requiring the user to give away the main account password.
OAuth matters because modern applications often need to interact with APIs and third-party services on a user’s behalf. Without delegated authorization, users might be pushed to share passwords directly with connected apps, which creates far more risk and weakens centralized security controls.
It also matters because OAuth helps organizations limit what an application can do. Instead of giving broad standing access, the system can issue scoped access that is restricted to defined resources, actions, or time windows.
OAuth appears in API ecosystems, mobile app login flows, SaaS integrations, cloud developer platforms, and service-to-service authorization. A user may sign in to an identity platform, approve requested access, and let a connected app receive a token with specific scope rather than handing over the user’s main password.
Security teams review OAuth during application integration, API security design, and third-party access governance. They care about token scope, consent boundaries, client trust, token lifetime, and whether the organization is using OAuth for the right job.
A project-management tool wants to read a user’s calendar so it can schedule meetings automatically. Instead of asking for the user’s email password, the tool redirects the user to the calendar provider. The user approves the requested access, and the tool receives a limited token that lets it work with calendar data according to the approved scope.
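The redirect, consent and scoped-token flow in the calendar scenario above, as an added example that is not part of the original page: a toy authorization server, token endpoint and resource server in Python. The client name `scheduler-app`, its callback URL and the scope strings are constructed assumptions, and the code simulates the pattern rather than using a real OAuth library.

```python
import secrets
import time

# Constructed in-memory state for the simulation (assumption, not a real server).
REGISTERED_CLIENTS = {"scheduler-app": "https://scheduler.example/callback"}
ISSUED_CODES = {}   # auth code -> (client_id, redirect_uri, scope, expiry)
ISSUED_TOKENS = {}  # access token -> (scope, expiry)


def authorize(client_id, redirect_uri, requested_scope, user_consented):
    """Authorization endpoint: once the user approves, issue a short-lived code
    bound to the registered client, its redirect URI and the approved scope."""
    if REGISTERED_CLIENTS.get(client_id) != redirect_uri:
        raise PermissionError("unknown client or redirect_uri mismatch")
    if not user_consented:
        raise PermissionError("user denied consent")
    code = secrets.token_urlsafe(24)
    ISSUED_CODES[code] = (client_id, redirect_uri, requested_scope, time.time() + 60)
    return code


def exchange_code(code, client_id, redirect_uri):
    """Token endpoint: redeem the code exactly once and mint a scoped token with
    a limited lifetime. The connected app never sees the user's password."""
    entry = ISSUED_CODES.pop(code, None)  # single use: a replayed code fails
    if entry is None:
        raise PermissionError("invalid or already-used code")
    bound_client, bound_uri, scope, expiry = entry
    if (bound_client, bound_uri) != (client_id, redirect_uri) or time.time() > expiry:
        raise PermissionError("code binding mismatch or expired")
    token = secrets.token_urlsafe(32)
    ISSUED_TOKENS[token] = (scope, time.time() + 3600)
    return token


def resource_access(token, needed_scope):
    """Resource server check: the token must be live and carry the scope the
    requested action needs; anything outside the consented scope is refused."""
    entry = ISSUED_TOKENS.get(token)
    if entry is None:
        return False
    scope, expiry = entry
    return time.time() <= expiry and needed_scope in scope.split()


def demo():
    """Walk the calendar scenario: consent to calendar.read only, then try
    both a calendar read and an out-of-scope mail read with the same token."""
    uri = REGISTERED_CLIENTS["scheduler-app"]
    code = authorize("scheduler-app", uri, "calendar.read", user_consented=True)
    token = exchange_code(code, "scheduler-app", uri)
    return resource_access(token, "calendar.read"), resource_access(token, "mail.read")
```

Running `demo()` returns `(True, False)`: the token works for the consented calendar scope and is refused for mail, and a second exchange of the same code is rejected.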
OAuth is not primarily an authentication protocol. Its main job is authorization delegation. Many people say “OAuth login” loosely, but identity-oriented login flows usually involve an extra layer such as OpenID Connect.
OAuth is also different from SAML. SAML is commonly used for enterprise federation and SSO assertions. OAuth is more centered on delegated access and token-based API interaction.