OAuth enables secure third-party access to user resources without sharing passwords, forming the backbone of modern API security and single sign-on.
Why it matters
- Eliminates password sharing between applications, reducing credential exposure.
- Enables granular permission scopes, limiting what third-party apps can access.
- Required for enterprise identity federation and API ecosystem security.
- Foundation for modern authentication protocols like OpenID Connect (OIDC).
How it works
- Authorization Grant: User approves access via consent screen.
- Access Token: Short-lived credential for API requests.
- Refresh Token: Long-lived token to obtain new access tokens.
- Scopes: Define specific permissions (read email, access calendar).
- Authorization Server: Issues tokens after validating user consent.
Common OAuth flows
- Authorization Code Flow: Most secure, used for web and mobile apps.
- Client Credentials Flow: Service-to-service authentication.
- Implicit Flow: Legacy browser-based flow (deprecated).
- PKCE Extension: Protects authorization code flow from interception.
Security considerations
- Always validate redirect URIs to prevent token theft.
- Use PKCE for mobile and single-page applications.
- Implement token rotation and expiration policies.
- Monitor for unusual authorization patterns or scope requests.
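The PKCE extension listed under "Common OAuth flows" and the redirect URI and PKCE items under "Security considerations" are easiest to understand as code. The block below is an added example, not code from the original page: it implements the RFC 7636 S256 challenge on the client side, the verification an authorization server performs at the token endpoint, and exact-match redirect URI validation. The registered URI list, the loopback exception for native apps and the rejection of the "plain" method are assumptions about server policy, not facts from the page.

```python
"""PKCE (RFC 7636) challenge generation and verification, plus exact-match
redirect URI validation. Added example; not code from the original page.
Assumed server policy (not from the page): only the S256 method is accepted,
and plain-http redirects are allowed for loopback addresses only."""
import base64
import hashlib
import hmac
import secrets
import string
from urllib.parse import urlsplit

# RFC 7636 section 4.1: code_verifier is 43..128 characters drawn from the
# unreserved URI character set.
_UNRESERVED = string.ascii_letters + string.digits + "-._~"


def make_code_verifier(length: int = 64) -> str:
    """Client side: a high-entropy random secret that never leaves the client."""
    if not 43 <= length <= 128:
        raise ValueError("code_verifier length must be 43..128")
    return "".join(secrets.choice(_UNRESERVED) for _ in range(length))


def s256_challenge(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier))) without padding.

    RFC 7636 Appendix B vector: verifier
    dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk produces
    E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM.
    """
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def verify_pkce(stored_challenge: str, stored_method: str, presented_verifier: str) -> bool:
    """Authorization server side, at the token endpoint.

    The challenge and method were bound to the authorization code when it
    was issued at /authorize; the verifier arrives with the code exchange.
    An intercepted code cannot be redeemed without the matching verifier.
    """
    if stored_method != "S256":  # assumed policy: "plain" gives no interception protection
        return False
    if not 43 <= len(presented_verifier) <= 128:
        return False
    if any(c not in _UNRESERVED for c in presented_verifier):
        return False
    return hmac.compare_digest(s256_challenge(presented_verifier), stored_challenge)


def redirect_uri_allowed(requested: str, registered: list[str]) -> bool:
    """Exact string comparison against the client's registered redirect URIs.

    Prefix or wildcard matching is what lets a code be delivered to an
    unintended path or host, so only equality is accepted. Fragments are
    never valid in a redirect URI (RFC 6749 section 3.1.2), and plain http
    is accepted only for loopback addresses (the RFC 8252 native-app case).
    """
    parts = urlsplit(requested)
    if parts.fragment or parts.scheme not in ("https", "http"):
        return False
    if parts.scheme == "http" and parts.hostname not in ("localhost", "127.0.0.1"):
        return False
    return requested in registered


def demo() -> dict:
    """Constructed, in-process walk through a PKCE-protected code exchange."""
    verifier = make_code_verifier()
    challenge = s256_challenge(verifier)
    # Server stores (challenge, "S256") with the authorization code it issues.
    legit = verify_pkce(challenge, "S256", verifier)
    # A code presented with any other verifier is rejected.
    wrong = verify_pkce(challenge, "S256", make_code_verifier())
    return {"legit": legit, "wrong_verifier": wrong}


if __name__ == "__main__":
    print(demo())
    print(redirect_uri_allowed("https://app.example/cb", ["https://app.example/cb"]))
```

Both checks belong on the authorization server: PKCE verification at the token endpoint, redirect URI matching at the authorization endpoint before any code is issued. Using `hmac.compare_digest` for the challenge comparison keeps the check constant-time; redirect URIs are not secrets, so a plain list membership test is sufficient there.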