OAuth 2.0 is an authorization protocol that allows third-party applications to obtain limited access to a web service, without exposing user credentials. It works by delegating user authentication to the service that hosts the user account.

Key components:

Resource Owner: The user
Client: The application requesting access
Authorization Server: Issues access tokens
Resource Server: Hosts protected resources

Common grant types include:

Authorization Code
Implicit
Client Credentials
Resource Owner Password Credentials
Device Code