What role does OAuth 2.0 play in tech systems?

OAuth 2.0 is a widely-used authorization framework that enables applications to obtain limited access to user accounts on third-party services without exposing user credentials. By issuing tokens, OAuth 2.0 allows a user to grant a third-party application permission to access specific resources or perform certain actions on their behalf while maintaining security and user privacy.

The primary function of OAuth 2.0 is to delegate access. For example, when a user wants to permit a mobile app to display their profile information from a social media account, OAuth 2.0 allows the user to log in to the social media service and explicitly grant the app access to their data without sharing their passwords. This means that the application can act on behalf of the user with a level of access that is defined when the user authorizes it, thereby limiting exposure and risks associated with sharing full credentials.

While the other choices might reflect certain related concepts, they do not accurately represent the core purpose of OAuth 2.0. The framework is not focused on encryption for secure transmission, centralized security management, or directly verifying user credentials through encryption, which helps clarify the unique role that OAuth 2.0 plays in tech systems.