# OAuth

> An open standard for delegated authorization: it lets an app or agent act on a user's behalf with scoped, revocable access, without sharing the user's password.

_The Agentic Web Lexicon · /glossary/oauth · [JSON](/api/glossary/oauth) · [all The Agentic Web Lexicon](/glossary)_

- **term:** OAuth
- **category:** identity
- **short_def:** An open standard for delegated authorization: it lets an app or agent act on a user's behalf with scoped, revocable access, without sharing the user's password.
- **long_def:** OAuth issues an access token that grants a specific scope for a limited time, so a user can authorize an agent to read their calendar or place an order without handing over credentials. Tokens can be scoped and revoked, which makes OAuth the mainstream way to delegate authority to software — and a natural fit for authorizing agents.
- **see_also:** delegation, agent-identity, verifiable-credentials
- **etymology_origin:** — (verify-against-primary-at-build)
- **related_to:** delegation, agent-identity, agent-as-buyer
- **contrast_with:** Unlike sharing a password, which grants total access, OAuth grants a scoped, time-limited, revocable token — the app never sees the credential.
- **example:** Authorizing an agent to book travel via OAuth grants only the booking scope, and can be revoked later without changing the user's password.
- **source:** https://en.wikipedia.org/wiki/OAuth
- **status:** active
- **why_it_matters:** OAuth is the established rail for delegated authority; as agents act for users on the agentic web, scoped revocable tokens are how that delegation stays safe.
- **sameAs:** https://en.wikipedia.org/wiki/OAuth
- **bridge_entity:** delegation
- **last_verified:** 2026-07-06
- **md_twin:** /glossary/oauth.md
