What is OAuth2?
An authorization framework allowing third-party apps limited access to user accounts.
OAuth2 is an authorization framework that lets users grant third-party applications limited access to their resources without sharing passwords. Its common flows are Authorization Code (web apps with a user login), Client Credentials (service-to-service), and Device Flow (CLI and TV apps). OAuth2 issues access tokens (presented to the resource server for authorization) and refresh tokens (used to obtain new access tokens when the old ones expire). OIDC (OpenID Connect) builds on OAuth2 to add identity, stating who the user is via an ID Token.
More Security Terms
DevSecOps
Integrating security practices into every stage of the DevOps pipeline.
Falco
A runtime security tool that detects anomalous behavior in containers using eBPF/syscalls.
JWT (JSON Web Token)
A compact, self-contained token format for transmitting claims between parties.
mTLS (Mutual TLS)
Two-way TLS authentication where both client and server verify each other's certificates.
OIDC (OpenID Connect)
An identity layer on top of OAuth2 that provides user authentication.
OPA (Open Policy Agent)
A general-purpose policy engine for enforcing authorization decisions across the stack.