What is OAuth? - Definition & Meaning
Learn what OAuth is, how this authorization protocol works, and why OAuth is the standard for secure access to APIs and third-party applications.
Definition
OAuth (Open Authorization) is an open standard for delegated authorization: it lets an application obtain limited, user-approved access to resources held by another service without ever handling the user's password for that service. OAuth 2.0 (RFC 6749) is the current version and is supported by platforms such as Google, Microsoft, GitHub, and Facebook. OAuth by itself authorizes access to resources; it does not, on its own, tell the application who the user is (that is what OpenID Connect adds on top).
Technical explanation
OAuth 2.0 defines four roles: the Resource Owner (the user), the Client (the application requesting access), the Authorization Server (which authenticates the user and issues tokens), and the Resource Server (the API that holds the protected data and accepts tokens).

The protocol supports several grant types for different scenarios. The Authorization Code flow is the recommended flow for applications that act on behalf of a user: the user is redirected to the authorization server, logs in and grants permission, and the client receives a short-lived, single-use authorization code that it exchanges for an access token over a back channel. PKCE (Proof Key for Code Exchange) binds that code to the client that started the flow, so an intercepted code is useless without the matching code verifier; it was introduced for public clients such as mobile apps and SPAs, which cannot keep a client secret, and current best practice (the OAuth 2.0 Security BCP) applies it to every client. The client must also verify the state parameter on the callback, and the authorization server must match the redirect URI exactly; the older Implicit flow, which returned tokens in the browser URL, is deprecated. The Client Credentials flow is designed for machine-to-machine communication in which the client acts for itself, with no user involved.

Access tokens are bearer credentials with a short lifespan; in user-facing flows a refresh token lets the client obtain new access tokens without sending the user back through login (the Client Credentials flow simply re-authenticates with its own credentials instead). Scopes limit what a token may do to specific API resources, and the resource server must enforce them on every request. OpenID Connect (OIDC) is an identity layer on top of OAuth 2.0 that adds user authentication via ID tokens (signed JWTs). Token introspection (RFC 7662) and revocation (RFC 7009) endpoints let resource servers check, and clients invalidate, issued tokens.
How MG Software applies this
MG Software implements OAuth 2.0 in virtually every application we build. We use Supabase Auth, which supports OAuth providers such as Google, Microsoft, and GitHub out of the box. For SaaS products, we implement "Login with Google/Microsoft" flows so users can sign in with their existing accounts. For API integrations with external systems, we use the Client Credentials flow for secure server-to-server communication. We advise our clients on the right OAuth flow for their specific use case.
Practical examples
- A project management tool using the Authorization Code flow with OpenID Connect to let users log in with their Google account: the tool receives an ID token asserting who the user is, and never sees the Google password.
- A CI/CD platform using OAuth scopes to request only read access to a GitHub repository for building code, without write permissions to other repositories or account settings.
- A business SaaS application using the Client Credentials flow to automatically synchronize data with the customer's CRM system every night without human intervention.
Related articles
Single Sign-On Examples - Inspiration & Best Practices
Discover single sign-on examples and learn how organisations implement SSO for secure and seamless authentication. SAML, OAuth, and OIDC in practice.
Auth0 vs Clerk: Complete Comparison Guide
Compare Auth0 and Clerk on authentication, developer experience, UI components, and enterprise features. Discover which auth platform best fits your web application.
What is GDPR? - Definition & Meaning
Learn what GDPR (General Data Protection Regulation) is, what obligations it imposes on businesses, and how to make your software GDPR-compliant.
What is an API? - Definition & Meaning
Learn what an API (Application Programming Interface) is, how it works, and why APIs are essential for modern software development and system integrations.