## TL;DR

OAuth 2.0 is an authorization framework standardized as IETF RFC 6749 (2012) that enables third-party applications to obtain limited access to a user's resources without the user's credentials ever being shared with the application. It powers virtually all "Sign in with Google/GitHub/Apple" flows and is the foundation of modern API security.

## Core Grant Types

| Grant Type | Use Case |
|-----------|----------|
| **Authorization Code + PKCE** | Web/mobile apps (most common, most secure) |
| **Client Credentials** | Server-to-server, no user involved |
| **Device Code** | Input-constrained devices (TV, IoT) |
| **Refresh Token** | Obtain new access token without re-authentication |
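
As an added example (not code from the original page), here is the PKCE binding that makes the Authorization Code grant in the table above safe for public clients: the client derives an S256 `code_challenge` from a random `code_verifier` (RFC 7636), and a hypothetical in-memory authorization server ties that challenge to a single-use code and recomputes it from the presented verifier at the token endpoint. The `authorize` / `exchange` functions and the `_issued_codes` store are assumptions for illustration, not any real server's API.

```python
import base64
import hashlib
import hmac
import re
import secrets

# RFC 7636 section 4.1: unreserved characters, 43 to 128 of them.
VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")


def generate_code_verifier(n_bytes: int = 32) -> str:
    """Client side: 32 random bytes -> 43-char base64url verifier (padding stripped)."""
    return base64.urlsafe_b64encode(secrets.token_bytes(n_bytes)).rstrip(b"=").decode("ascii")


def code_challenge_s256(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier))) without '=' padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def verify_pkce(stored_challenge: str, method: str, presented_verifier: str) -> bool:
    """Authorization server side: recompute the challenge and compare in constant time."""
    if not VERIFIER_RE.fullmatch(presented_verifier):
        return False                      # malformed verifier: reject before hashing
    if method == "S256":
        expected = code_challenge_s256(presented_verifier)
    elif method == "plain":               # permitted by RFC 7636, downgrade-prone; S256 preferred
        expected = presented_verifier
    else:
        return False                      # unknown transform method
    return hmac.compare_digest(expected, stored_challenge)


# Hypothetical in-memory authorization server state: code -> (challenge, method).
_issued_codes: dict = {}


def authorize(code_challenge: str, method: str = "S256") -> str:
    """Authorization endpoint: bind the client's challenge to a freshly issued code."""
    code = secrets.token_urlsafe(24)
    _issued_codes[code] = (code_challenge, method)
    return code


def exchange(code: str, code_verifier: str):
    """Token endpoint: consume the code exactly once, check the verifier; None on failure."""
    entry = _issued_codes.pop(code, None)   # pop, so a replayed or failed code is dead
    if entry is None or not verify_pkce(entry[0], entry[1], code_verifier):
        return None
    return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}
```

The first assertion in a test of this code is the RFC 7636 Appendix B vector; a stolen authorization code is useless to anyone who does not also hold the verifier, and a reused code fails because `exchange` consumes it.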

## Further Reading

- [RFC 6749](https://www.rfc-editor.org/rfc/rfc6749): OAuth 2.0 specification
- [OAuth 2.1 Draft](https://datatracker.ietf.org/doc/draft-ietf-oauth-v2-1/): Consolidation and security best practices