The OAuth 2.0 Authorization Framework
D. Hardt · 2012-10
Abstract
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.
Why This RFC Matters
RFC 6749 defined OAuth 2.0, which became the universal standard for delegated authorization on the web and in APIs — powering 'Sign in with Google', 'Sign in with GitHub', and millions of third-party integrations. By separating the authorization grant from the access token, and by introducing scopes, OAuth 2.0 allowed users to delegate specific, limited permissions to applications without sharing their passwords. The framework's flexibility (authorization code, implicit, client credentials, and resource owner password grant types) made it adaptable to mobile apps, server-side apps, and machine-to-machine communication alike.