Netcrook

WIKICROOK

OAuth 2.0

An authorization framework that lets apps obtain limited access to user resources without handling the user’s password.

OAuth 2.0 is an authorization framework that lets an application access a user’s data or perform actions on the user’s behalf without learning the user’s password. Instead of sharing credentials, the user authenticates with the identity provider and the app receives scoped tokens that grant limited access for a specific time and purpose.

In cyber security, OAuth 2.0 matters because it moves risk from passwords to tokens, consent, and session control. Attackers can abuse legitimate OAuth flows, such as device-based sign-in or malicious app consent, to trick users into approving access or to capture tokens that remain valid after login. Defenders monitor OAuth grants, restrict risky scopes, enforce Conditional Access, and revoke sessions or tokens when compromise is suspected. Properly configured, OAuth reduces password exposure; poorly controlled, it becomes a powerful identity attack surface.
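As an added example (not code from the Netcrook page or any vendor), the following script shows the kind of grant monitoring described above: it parses constructed consent-grant audit lines and flags grants that request high-risk scopes, ask for offline_access, or were obtained through the device code flow. The log format, scope names and policy are assumptions made for illustration.

```python
"""Triage OAuth 2.0 consent grants against a scope policy.

Added example with constructed log lines and scope names; not tied to any
particular identity provider's audit schema.
"""

# Scopes the (hypothetical) policy treats as high-risk because they expose user data.
RISKY_SCOPES = {"mail.read", "mail.readwrite", "files.readwrite.all", "contacts.read"}
DEVICE_CODE = "urn:ietf:params:oauth:grant-type:device_code"

# Constructed audit lines: space-separated key=value pairs, scopes joined with '+'.
SAMPLE_LOG = """\
user=alice client=calendar-sync verified=true grant=authorization_code scope=calendars.read
user=bob client=free-pdf-tool verified=false grant=authorization_code scope=mail.read+offline_access
user=carol client=helper-cli verified=true grant=urn:ietf:params:oauth:grant-type:device_code scope=files.readwrite.all
"""

def parse_grants(text: str) -> list:
    """Turn each non-empty line into a dict; 'scope' becomes a set, 'verified' a bool."""
    grants = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = dict(kv.split("=", 1) for kv in line.split())
        rec["scope"] = set(rec["scope"].split("+"))
        rec["verified"] = rec["verified"] == "true"
        grants.append(rec)
    return grants

def review_grant(g: dict) -> list:
    """Return the reasons a grant deserves review; an empty list means it looks benign."""
    reasons = []
    risky = g["scope"] & RISKY_SCOPES
    if risky:
        who = "verified" if g["verified"] else "unverified"
        reasons.append(f"{who} app requesting high-risk scopes {sorted(risky)}")
    if "offline_access" in g["scope"]:
        # A refresh token keeps access alive after the interactive session ends.
        reasons.append("offline_access grants a long-lived refresh token")
    if g["grant"] == DEVICE_CODE:
        # Device-based sign-in is abused in consent phishing; confirm the user started it.
        reasons.append("consent obtained through the device code flow")
    return reasons

def flagged_grants(text: str) -> dict:
    """Map user -> review reasons for every grant that triggered at least one rule."""
    return {g["user"]: r for g in parse_grants(text) if (r := review_grant(g))}
```

Run `flagged_grants(SAMPLE_LOG)` to see which of the three constructed grants need review; alice's calendar-only grant passes, bob's and carol's do not.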