OAuth is the standard that lets one app use part of your account on another service without you handing over your password. When you click ‘Connect to Google’ or ‘Sign in with GitHub’, OAuth is the handshake working in the background: the other service checks who you are and gives the app a limited, revocable permission slip instead of your login details.

Think of a hotel valet key. You hand it to the parking attendant so they can move your car, but that key will not open the trunk or the glovebox. OAuth does the same with software permissions: an app might be allowed to read your calendar but nothing else, and you can take that access back whenever you like. This is a form of authorization, deciding what an app may do, which is distinct from authentication, proving who you are.

In practice that scope is set by the parts of the account the app asks for, often shown to you on a consent screen before you agree. A photo printing service might request read access to one album rather than your whole library, and you decide whether that trade is worth it.

The permission usually arrives as a token the app stores and sends with each request, often a JWT. Because nothing about your password is ever shared, a breach of the connected app cannot expose your master credentials. The flip side is that those tokens are valuable on their own, so they need to be stored carefully and given a sensible expiry rather than living forever.

At TopDevs we use OAuth to connect client systems to services like Google, Microsoft and payment providers, so integrations stay secure and access can be pulled back without a password reset.