🔒 Security intermediate

OAuth 2.0

Authorization framework enabling third-party applications to access user resources without sharing credentials.

OAuth 2.0 is the industry standard for authorization. Instead of sharing passwords, users grant limited access via tokens.

Key flows include: Authorization Code (for server-side apps, the most secure choice), Implicit (legacy, for SPAs), Client Credentials (machine-to-machine), and Authorization Code with PKCE (for mobile apps and SPAs; prevents authorization-code interception).

Components: Resource Owner (user), Client (app requesting access), Authorization Server (issues tokens), Resource Server (API).

Tokens include access tokens (short-lived, used for API calls) and refresh tokens (long-lived, used to obtain new access tokens). OAuth enables Sign in with Google/GitHub and API integrations while keeping credentials safe.