Definition

What is OAuth 2.0?

An authorization framework that allows applications to obtain limited delegated access to user accounts on third-party services without requiring users to share their passwords. OAuth 2.0 underpins most modern single sign-on and API authorization flows. Common OAuth vulnerabilities — including open redirect exploitation, missing state parameter validation, authorization code interception, and token leakage via referrer headers — are a frequent focus of web application security assessments.

Related terms

JSON Web Token (JWT) →

A compact, self-contained token format used to transmit claims between parties as a digitally signed JSON object, widely used for API authentication and single sign-on flows.

Authentication →

The process of verifying the identity of a user, device, or system before granting access to a resource.

Authorization →

The process of determining what actions and resources a verified identity is permitted to access or modify.

API Security →

A set of practices and controls designed to protect application programming interfaces (APIs) from unauthorized access, misuse, and attacks.

Put this into practice

API security testing automation →

See how Penetrify's autonomous AI agents find and validate this class of security issue in your application.