OAuth

Definition

Open Authorization - a secure standard for API access that allows users to grant third-party applications limited access without sharing their passwords.

Frequently Asked Questions

What's the difference between OAuth and OpenID Connect (OIDC)?
OAuth 2.0 is mainly for authorization—granting an app permission to call an API using access tokens. OpenID Connect (OIDC) is an identity layer on top of OAuth 2.0 that adds authentication—proving who the user is—by returning an ID token with user identity claims. In practice: use OAuth to access APIs; use OIDC when you also need user sign-in.
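The ID-token/access-token distinction above is easiest to see in a relying party's validation step. The following is an added example, not code from the original page or any provider; it uses a constructed HS256 secret, issuer, client ID and fixed clock as stand-ins (real providers sign with published RSA/EC keys). It verifies an OIDC ID token for this client and shows why an access token, even from the same issuer, must not be accepted as proof of sign-in: its audience is the API, not the client.

```python
import base64, hashlib, hmac, json

# Constructed demo values (not from any real provider). A shared HMAC secret
# stands in for the provider's signing key; real IdPs publish RSA/EC keys.
SECRET = b"demo-signing-secret"
ISSUER = "https://idp.example.com"
CLIENT_ID = "my-web-app"   # the audience an ID token for this app must name
NOW = 1_700_000_000        # fixed clock so the example is repeatable

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_jwt(claims: dict) -> str:
    # Stand-in for the provider's signer: HS256 over header.payload.
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_id_token(token: str, now: int = NOW) -> dict:
    """Validates an OIDC ID token for this client: alg, signature, iss, aud, exp."""
    header, payload, sig = token.split(".")
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")   # pin the algorithm; never trust the token's
    expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("token was not issued to this client")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims

# ID token: identity claims, addressed (aud) to the client application.
ID_TOKEN = make_jwt({"iss": ISSUER, "aud": CLIENT_ID, "sub": "user-123",
                     "email": "alice@example.com", "exp": NOW + 300})
# Access token: addressed to the API and carrying scopes, not identity.
ACCESS_TOKEN = make_jwt({"iss": ISSUER, "aud": "https://api.example.com",
                         "scope": "profile:read", "exp": NOW + 3600})

def sign_in_accepts(token: str) -> bool:
    """True only for a token that proves the user's identity to this client."""
    try:
        verify_id_token(token)
        return True
    except ValueError:
        return False
```

The access token is rejected on the audience check alone; the API that it is addressed to performs the mirror-image check (its own identifier in `aud`, plus the required scopes) before serving a request.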
When should I use OAuth?
Use OAuth when an application needs delegated, limited access to an API on behalf of a user or service without sharing passwords. Common cases include: 'Sign in with Google/Microsoft' (often via OIDC), mobile apps calling your backend APIs, third-party integrations accessing user data with consent, and microservices using short-lived tokens instead of long-lived API keys.
How much does OAuth cost?
OAuth itself is a free standard—there’s no licensing cost to use the protocol. Costs come from how you implement it: running your own identity provider (infrastructure and operations), or using a managed service (often priced by monthly active users, number of authentications, advanced security features, or API calls). If you use a social login provider (e.g., Google), the OAuth flow is typically free, but your app may still incur costs for your identity platform, API gateway, and token validation at scale.

Category: security

Difficulty: intermediate
