OAuth 2.0 is an industry-standard protocol for authorization developed within the IETF OAuth Working Group. The protocol focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. The framework includes multiple grant types including Authorization Code, PKCE, Client Credentials, Device Code, and Refresh Token flows. It supports both confidential and public client types with various client authentication methods. The protocol defines access tokens, refresh tokens, and bearer tokens for secure authorization. OAuth 2.0 includes security specifications such as threat models, security considerations, and best current practices. It provides token management capabilities including token introspection, revocation, and exchange. The protocol supports JWT profiles for access tokens and structured token formats. The framework offers discovery and registration features through authorization server metadata and dynamic client registration. High security implementations can leverage Pushed Authorization Requests (PAR), Demonstration of Proof of Possession (DPoP), Mutual TLS, and Private Key JWT. OAuth 2.0 serves as the foundation for protocols like OpenID Connect, UMA 2.0, and IndieAuth. The protocol includes specifications for native apps, browser-based apps, and devices without browsers or keyboards. OAuth 2.1 is an in-progress effort to consolidate OAuth 2.0 and common extensions.