What is OAuth 2.0?
An authorization framework (RFC 6749) that lets a third-party application obtain limited access to your account on another service without you handing over your password; the application receives a scoped, usually short-lived access token instead.
OAuth 2.0 is the standard protocol behind "Sign in with Google/Apple/GitHub" buttons, normally via OpenID Connect, an identity layer built on top of it that adds a signed ID token saying who you are. OAuth 2.0 by itself grants access to data; it does not prove identity.
How It Works
- The app redirects you to the identity provider (Google, etc.), naming the permissions ("scopes") it wants
- You authenticate with the provider and approve the requested permissions (many providers let you approve only some of them)
- The provider redirects back to the app's registered address with a short-lived authorization code, which the app exchanges for an access token
- The app uses the token to call the provider's API; the provider enforces the permissions you approved on every request
- The app never sees your password; it only ever holds the token, which you can revoke without changing your password
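The exchange above, traced end to end in one runnable script. This is an added example, not code from the original page or from any provider: the third-party app, the identity provider and its API are all simulated in memory, and idp.example, app.example, the client id photo-printer and the photos.* scopes are placeholders. It also shows two checks every real client performs that the list above leaves implicit: a state value that ties the callback to the app's own request, and PKCE, which ties the code exchange to the app instance that started it.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed example; hostnames, client id and scope names are placeholders.
REGISTERED_REDIRECT = "https://app.example/callback"   # fixed when the app was registered
USER_PASSWORD = "correct horse battery staple"         # known only to the user and the provider


def s256(verifier: str) -> str:
    """PKCE code challenge: base64url(SHA-256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def _query(url: str) -> dict:
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


# ---- Identity provider: authorization server + API (resource server) ----
_pending_codes: dict = {}   # code -> (granted scopes, code_challenge); single use
_tokens: dict = {}          # access token -> granted scopes


def authorize(auth_url: str, password: str, user_approves: list) -> str:
    """The user logs in at the provider and approves scopes; the provider then
    redirects back to the app's registered URI with a short-lived code."""
    q = _query(auth_url)
    if q["response_type"] != "code" or q["redirect_uri"] != REGISTERED_REDIRECT:
        raise ValueError("invalid_request")
    if password != USER_PASSWORD:
        raise PermissionError("authentication failed")
    granted = set(q["scope"].split()) & set(user_approves)   # user may narrow the grant
    code = secrets.token_urlsafe(16)
    _pending_codes[code] = (granted, q["code_challenge"])
    # state is echoed back unchanged so the app can tie this callback to its request
    return REGISTERED_REDIRECT + "?" + urlencode({"code": code, "state": q["state"]})


def token_endpoint(code: str, code_verifier: str) -> dict:
    """Exchange the one-time code for an access token. The PKCE verifier proves
    the caller is the app that built the authorization URL, even if the code leaked."""
    if code not in _pending_codes:
        raise PermissionError("invalid_grant: unknown or already used code")
    granted, challenge = _pending_codes.pop(code)
    if s256(code_verifier) != challenge:
        raise PermissionError("invalid_grant: PKCE verification failed")
    token = secrets.token_urlsafe(24)
    _tokens[token] = granted
    return {"access_token": token, "token_type": "Bearer", "scope": " ".join(sorted(granted))}


def resource_server(token: str, scope_needed: str) -> tuple:
    """An API call: the provider enforces the scopes the user actually approved."""
    granted = _tokens.get(token)
    if granted is None:
        return 401, "invalid_token"
    if scope_needed not in granted:
        return 403, "insufficient_scope"
    return 200, "ok"


def revoke(token: str) -> None:
    """What the provider's connected-apps page does: the token stops working."""
    _tokens.pop(token, None)


# ---- The user's browser: the only place the password is typed ----
def user_browser(auth_url: str, approve: list) -> str:
    return authorize(auth_url, USER_PASSWORD, approve)


# ---- Third-party app: never touches the password ----
def run_flow(requested_scopes: list, browser) -> dict:
    verifier = secrets.token_urlsafe(32)
    state = secrets.token_urlsafe(16)
    auth_url = "https://idp.example/authorize?" + urlencode({
        "response_type": "code",
        "client_id": "photo-printer",
        "redirect_uri": REGISTERED_REDIRECT,
        "scope": " ".join(requested_scopes),
        "state": state,
        "code_challenge": s256(verifier),
        "code_challenge_method": "S256",
    })
    callback_url = browser(auth_url)          # user authenticates at the provider
    cb = _query(callback_url)
    if not secrets.compare_digest(cb["state"], state):
        raise PermissionError("state mismatch: callback did not come from our request")
    return token_endpoint(cb["code"], verifier)


if __name__ == "__main__":
    tok = run_flow(["photos.read", "photos.write"],
                   lambda url: user_browser(url, ["photos.read"]))
    print(tok["scope"], resource_server(tok["access_token"], "photos.write"))
```

Running it shows the two privacy-relevant facts from the list: the app asked for read and write, the user approved only read, and the API refuses the write call with 403 even though the app holds a valid token; after revoke() the same token gets 401, without the user's password ever having left the provider.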
Privacy Considerations
- The identity provider learns every service you sign into with it, and roughly when you use each one
- Apps may request more permissions than they need; the consent screen lists what is being asked for, so read it
- Revoking access only invalidates the token; it does not delete data the app already collected while it had access
- Consider what you're sharing before clicking "Allow"
Best Practices
- Review and revoke unused app connections regularly from the provider's connected-apps or security settings page
- Prefer services that request only the permissions they need for the feature you are using
- Consider whether the convenience of OAuth sign-in is worth letting one provider see your account activity across services
Related Terms
OAuth
An open standard for authorization that allows users to grant third-party applications limited access to their accounts without sharing passwords. OAuth powers 'Login with Google/Facebook' buttons and API access delegation.
SAML
An XML-based standard for exchanging authentication data between an identity provider and a service provider, commonly used in enterprise single sign-on.
Single Sign-On
An authentication method allowing users to access multiple applications with one set of credentials. While convenient for users and administrators, SSO creates a single point of failure—compromise one account, compromise them all.