OAuth 2.0 is an authorization framework that enables a third-party application to obtain limited access to a user's resources on an HTTP service. It achieves this by issuing access tokens to the client application, which are then presented to the resource server (API) instead of the user's primary credentials. This delegation model is fundamental to modern API security, separating the roles of the resource owner (user), client (application), authorization server, and resource server.
Glossary
OAuth 2.0

What is OAuth 2.0?
OAuth 2.0 is the industry-standard protocol for delegated authorization, enabling secure, token-based access to APIs without sharing user credentials.
The framework defines several grant types—such as Authorization Code, Client Credentials, and Refresh Token—to accommodate different client capabilities and trust levels. In a zero-trust API gateway, the gateway acts as the OAuth client and Policy Enforcement Point (PEP), validating tokens via token introspection and enforcing least privilege access based on token scopes. This prevents AI agents and other services from exceeding their authorized permissions when calling backend APIs.
Core Components of OAuth 2.0
OAuth 2.0 is an authorization framework that enables third-party applications to obtain limited access to a user's resources on an HTTP service without exposing the user's credentials, using access tokens instead. This section details its fundamental building blocks.
Access Tokens
An Access Token is a credential used by a client application to access protected resources on behalf of a resource owner (user). It is a string, often a JSON Web Token (JWT), representing specific scopes and duration of access granted by the authorization server.
- Bearer Tokens: The most common type, presented as-is by the client. Possession alone grants access.
- Structure: Tokens can be opaque (random strings) or self-contained (JWTs containing claims).
- Lifespan: Typically short-lived (minutes/hours) to limit risk if compromised. Refresh Tokens are used to obtain new access tokens.
Authorization Grant Flows
An Authorization Grant is a credential representing the resource owner's authorization. OAuth 2.0 defines several grant types for different client scenarios:
- Authorization Code Grant: For server-side web apps. The most secure flow, involving a client redirect to an authorization server and an exchange of an authorization code for a token.
- Client Credentials Grant: For machine-to-machine (M2M) communication where a client acts on its own behalf, not a user's.
- Refresh Token Grant: Used to obtain a new access token using a refresh token.
Other flows include Implicit Grant (deprecated) and Resource Owner Password Credentials (not recommended).
Scopes and Permissions
Scopes are space-separated strings that specify the exact permissions being requested by the client. They limit an access token's capabilities to a subset of the user's total permissions.
- Purpose: Implement the principle of least privilege. A token for
read:contactscannot delete contacts. - Definition: Scopes are defined by the resource server (e.g.,
api:read,files:write). - User Consent: During authorization, the user is presented with the list of requested scopes for approval.
- Token Validation: The resource server must validate that the token's scopes permit the requested action.
Authorization Server
The Authorization Server is the central engine of OAuth 2.0. It authenticates the resource owner, obtains their consent, and issues access tokens to clients after successfully validating authorization grants.
Core Functions:
- Token Endpoint: Client-facing API that issues access and refresh tokens (used in Authorization Code and Client Credentials flows).
- Authorization Endpoint: User-facing endpoint where the resource owner authenticates and grants consent.
- Token Introspection Endpoint (RFC 7662): Allows resource servers to query the active state and metadata of a token.
- Client Registration: Manages pre-registration of confidential clients (those capable of securing a secret).
Resource Server
The Resource Server hosts the protected resources (APIs, user data) and accepts and responds to protected resource requests using access tokens. Its primary responsibility is to validate access tokens and enforce scopes.
Key Actions:
- Token Validation: Verify the token's signature (if a JWT), issuer, audience, and expiration.
- Scope Enforcement: Check that the token contains a scope permitting the requested HTTP method and endpoint.
- Policy Enforcement: Acts as the Policy Enforcement Point (PEP), denying requests with invalid or insufficiently scoped tokens.
- It relies on the authorization server for token issuance and introspection.
Client Types & Profiles
OAuth 2.0 defines clients based on their ability to maintain confidentiality of credentials, which determines which grant flows they can use.
- Confidential Clients: Capable of securely storing a client secret (e.g., server-side web applications). Can use the Authorization Code grant.
- Public Clients: Unable to store secrets reliably (e.g., single-page apps, native mobile apps). Use flows like Authorization Code with PKCE.
Key Security Profiles:
- Proof Key for Code Exchange (PKCE): Extension (RFC 7636) for public clients to prevent authorization code interception attacks.
- Native App Best Practices: Guidelines (RFC 8252) for implementing OAuth in mobile and desktop apps.
OAuth 2.0 Grant Types
A comparison of the five primary OAuth 2.0 grant types, detailing their use cases, security profiles, and suitability for different client types.
| Grant Type | Primary Use Case | Client Type | User Involvement | Security Profile | Token Flow |
|---|---|---|---|---|---|
Authorization Code | Server-side web applications | Confidential | High (PKCE optional) | Two-step: code for tokens | |
Authorization Code with PKCE | Single-page apps & mobile apps | Public | High (mandatory PKCE) | Two-step with code verifier/challenge | |
Client Credentials | Machine-to-machine (M2M) / service accounts | Confidential | Medium (client auth only) | Direct: client ID/secret for tokens | |
Resource Owner Password Credentials | Legacy migration (highly discouraged) | Confidential (trusted) | Low (exposes user credentials) | Direct: username/password for tokens | |
Device Code | Input-constrained devices (TVs, IoT) | Public | Medium (user polls from another device) | Two-step: device/user codes for tokens | |
Refresh Token Support | Obtaining new access tokens without re-prompting user | Confidential & Public (with PKCE) | Varies by flow | Uses existing refresh token | |
Recommended for AI Agents | Secure, auditable API access on behalf of users | Confidential (server-side) | High (uses Authorization Code) | Two-step, server-handled exchange | |
Default in Zero-Trust Gateways | Validating and brokering access for all clients | All | High (gateway acts as PEP) | Gateway orchestrates appropriate flow |
Frequently Asked Questions
OAuth 2.0 is the foundational authorization framework for modern API security. These questions address its critical role in enabling secure, token-based access for AI agents and autonomous systems within a zero-trust architecture.
OAuth 2.0 is an authorization framework that enables a third-party application to obtain limited access to a user's resources on an HTTP service without exposing the user's credentials. It works by delegating user authentication to the service that hosts the user account and authorizing third-party applications to access the user account via access tokens. The core flow involves four key roles: the Resource Owner (user), the Client (application requesting access), the Resource Server (API hosting protected data), and the Authorization Server (issues tokens). The client redirects the user to the authorization server, which authenticates the user and obtains consent. Upon approval, the authorization server issues an access token (and often a refresh token) to the client, which then presents this token to the resource server to access protected APIs. This token-based model is fundamental for zero-trust API gateways, which validate every token for every request, enforcing the principle of 'never trust, always verify.'
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
OAuth 2.0 is a foundational component of modern API security. These related concepts define the ecosystem of authentication, authorization, and policy enforcement in which it operates.
OpenID Connect (OIDC)
An identity layer built on top of OAuth 2.0 that adds authentication. While OAuth 2.0 provides authorization (access to resources), OIDC provides a standardized way for a client (like an AI agent) to verify the identity of an end-user and obtain basic profile information. It returns an ID Token (a JWT) containing user claims, complementing the OAuth Access Token used for API calls.
- Core Difference: OAuth 2.0 = Access Delegation. OIDC = Identity Verification.
- Key Artifact: The ID Token, which is a signed JWT containing user identity information (subject, name, email).
- Use Case: An AI agent uses OAuth 2.0 for authorization to call a calendar API, but uses OIDC first to authenticate which human user it is acting on behalf of.
JSON Web Token (JWT)
A compact, URL-safe token format (RFC 7519) used to represent claims between two parties. In OAuth 2.0, Access Tokens and Refresh Tokens are often implemented as JWTs. A JWT consists of three parts: a Header (algorithm & token type), a Payload (the claims), and a Signature.
- Structure:
Header.Payload.Signature, each part Base64Url encoded. - Self-Contained: The signature allows the recipient to verify the token's integrity and authenticity without querying the authorization server (for stateless validation).
- Common Claims:
sub(subject),exp(expiration),scope(authorized permissions),iss(issuer).
Token Introspection
An OAuth 2.0 extension (RFC 7662) that allows a protected resource (like an API backend) to query the authorization server to determine the active state and metadata of an opaque access token. This is a critical check in a zero-trust model where the API gateway cannot trust the token alone.
- Process: The gateway sends the token to the authorization server's introspection endpoint. The server responds with a JSON object indicating if the token is
active, along with itsscope,client_id, andexp. - Purpose: Enables centralized token revocation and real-time authorization checks.
- Contrast with JWT: Introspection is required for opaque tokens; JWTs can be validated locally if the gateway has the public key.
Scope
A space-separated list of strings that defines the specific permissions granted by an OAuth 2.0 access token. Scopes limit an application's access to a user's resources. In a zero-trust API gateway, every incoming request's token is validated to ensure its scopes permit the requested action on the target API endpoint.
- Example Scopes:
read:calendar,write:contacts,admin:users. - Granularity: Fine-grained scopes enable the principle of least privilege. An AI agent might only request
readscopes for a task, neverwrite. - Policy Enforcement: The gateway maps API endpoints (e.g.,
POST /api/v1/users) to required scopes (e.g.,admin:users) and denies requests where the token's scope set is insufficient.
Policy Enforcement Point (PEP)
The component in a policy-based architecture that intercepts access requests and enforces authorization decisions. In the context of OAuth 2.0 and zero-trust API gateways, the gateway itself acts as the PEP. It performs the critical functions:
- Intercepts all north-south API traffic from AI agents and other clients.
- Extracts the OAuth 2.0 bearer token from the
Authorizationheader. - Validates the token (via JWT validation or Token Introspection).
- Queries the Policy Decision Point (PDP) with user/agent identity, token scopes, and request context.
- Enforces the PDP's decision by allowing or denying the request before it reaches the backend service.
Client Credentials Grant
An OAuth 2.0 grant type used for machine-to-machine (M2M) authentication, where there is no direct user involvement. This is the most relevant flow for autonomous AI agents or backend services calling APIs on their own behalf (not impersonating a user).
- Process: The client (AI agent) authenticates with the authorization server using its own
client_idandclient_secret. It receives an access token directly. - Token Use: The access token represents the application's own permissions, not a user's delegated permissions.
- Zero-Trust Context: API gateways must strictly validate tokens from this flow, as they often grant broad service-level access. Credentials must be managed via a secure credential management system.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us