OAuth
A protocol that lets a user grant an app limited access to their account on another service, without sharing their password.
Reviewed by the RadarTrek editorial team · June 2026
OAuth lets a user click "Sign in with Google" (or GitHub, or any provider) and grant your app a scoped, revocable token instead of handing over their actual password. The app never sees the user's credentials — it receives a token from the provider after the user approves the request, and that token only grants the specific permissions the user agreed to.
Why it matters
- OAuth is an authorization protocol, not an authentication one on its own — "Sign in with X" flows layer an identity step (OpenID Connect) on top of it.
- Tokens are scoped and revocable — a user can cut off an app's access at the provider without changing their own password.
- Implementing OAuth correctly means handling every failure mode: denied consent, expired tokens, and refresh flows — not just the happy path.
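
The failure modes in the last point, as an added example (not code from this page or from any provider's SDK). It classifies the provider's redirect back to the app and decides what to do with a stored token; the function names, the `expires_at` field and the 30-second skew are assumptions, and the sample values are constructed.

```python
import hmac
from urllib.parse import parse_qs


def handle_callback(query: str, expected_state: str):
    """Classify the provider's redirect back to the app (RFC 6749, section 4.1.2)."""
    params = {k: v[0] for k, v in parse_qs(query).items()}
    # The response must carry the state value this session sent out;
    # otherwise it was not produced by the request we started.
    got = params.get("state", "").encode()
    if not hmac.compare_digest(got, expected_state.encode()):
        return ("rejected", "state mismatch")
    if "error" in params:
        # access_denied means the user declined consent; any other
        # error code is a provider or client-configuration failure.
        kind = "denied" if params["error"] == "access_denied" else "failed"
        return (kind, params["error"])
    if "code" not in params:
        return ("rejected", "no code or error in response")
    return ("code", params["code"])


def token_action(token: dict, now: float, skew: float = 30.0) -> str:
    """Decide what to do with a stored token before calling the API.

    Assumed token shape: {"expires_at": <unix time>, "refresh_token": <str or absent>}.
    """
    if now < token["expires_at"] - skew:
        return "use"
    # Expired or about to expire: refresh silently when a refresh token
    # is held, otherwise send the user back through the consent screen.
    return "refresh" if token.get("refresh_token") else "reauthorize"


if __name__ == "__main__":
    # Constructed sample redirects and tokens.
    print(handle_callback("code=abc123&state=s1", "s1"))
    print(handle_callback("error=access_denied&state=s1", "s1"))
    print(handle_callback("code=abc123&state=other", "s1"))
    print(token_action({"expires_at": 1000.0, "refresh_token": "r1"}, 990.0))
    print(token_action({"expires_at": 1000.0}, 1200.0))
```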