Glossary

OAUTH 2.0
defined.

An authorization framework letting users grant third-party applications limited access to their resources without sharing credentials.

A–Z

What is OAuth 2.0?

OAuth 2.0 defines several flows — authorization code (with PKCE), client credentials, device code. Common misconfiguration: open redirect chains, weak state parameter use, public client without PKCE, and over-broad scope grants.

Related terms.

OpenID Connect (OIDC)
Security Assertion Markup Language (SAML)
JSON Web Token (JWT)
Proof Key for Code Exchange (PKCE)

Where this shows up.

See our web application penetration testing, API security testing, network penetration testing, and cloud security audit services for how we test for and defend against this class of issue.

Test for this in your stack

BOOK A FREE
scoping call.

30-minute call with an OSCP-certified engineer. Tailored proposal in 24 hours.

Book Free Scoping Call →All Services

OAUTH 2.0defined.

What is OAuth 2.0?

Related terms.

Where this shows up.

BOOK A FREEscoping call.

OAUTH 2.0
defined.

BOOK A FREE
scoping call.