OAuth 2.0 is an authorization framework that lets users grant third-party apps limited access to their accounts without sharing passwords. Common flows: Authorization Code (web apps), Implicit (SPAs), Client Credentials (server-to-server).