The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. OAuth 2.0 is published as IETF RFC 6749. The 1EdTech Security Framework makes extensive use of OAuth 2.0.
OAuth 2 Scopes – scopes are an optional feature in OAuth 2.0 to label the conditions for obtaining an access token. Use of OAuth 2.0 scopes is mandatory in 1EdTech service-based specifications.