Identity & Access
OAuth 2.0
Also known as: OAuth2
Definition
An open authorization framework that lets a resource owner grant a third-party application limited, scoped access to an API on the owner's behalf without sharing the owner's credentials with that application.
Examples
- A mobile app obtaining an access token via the authorization code grant with PKCE in order to call a banking API.
- A backend service using the client credentials grant to publish events to a third-party API.
Related terms
OpenID Connect (OIDC)
An identity layer built on top of OAuth 2.0 that lets clients verify a user's identity and obtain basic profile information via signed ID tokens.
Authorization
The process of deciding what an already-authenticated identity is allowed to do — which resources, actions and conditions are permitted.
Authentication
The process of verifying that an entity — user, device or service — really is who or what it claims to be before granting access.
Single Sign-On (SSO)
An authentication scheme that lets a user sign in once at a trusted identity provider and then access many applications without re-entering credentials.
Federated Identity
An arrangement in which separate organizations or domains trust a common identity provider so users can use one identity across all of them.
API Security
API Security — definition coming soon.