Glossary

OAuth

The open authorisation standard underlying modern authentication in Microsoft 365 and most cloud services.

OAuth 2.0 is the open authorisation standard that underlies modern authentication in Microsoft Entra ID, Microsoft 365, and most cloud services. OAuth doesn't authenticate users directly; that is the job of OpenID Connect (OIDC), which is layered on top. Instead, it standardises how applications obtain access tokens to call APIs on behalf of users (delegated) or as themselves (application). Tokens are bearer credentials with scoped permissions and limited lifetimes, and they are renewed via refresh tokens without re-prompting the user. Every modern Microsoft 365 sign-in is OAuth under the hood. Compared to older protocols like SAML, OAuth is leaner (JSON over HTTPS), better suited to mobile apps and SPAs, and the foundation for API-first architectures.