OAuth

DEVELOPMENT

Quick Definition

OAuth (Open Authorization) is a standard protocol that allows users to grant third-party applications limited access to their accounts on other services without sharing their passwords. When you click "Sign in with Google" or "Connect your GitHub account," OAuth is the protocol handling that exchange behind the scenes.

How it works

OAuth 2.0 defines four roles: the user (resource owner), the application requesting access (client), the service holding the user's data (resource server), and the authorization server that issues tokens. The most common flow, the authorization code grant, works like this: the app redirects the user to the authorization server, the user logs in and approves specific permissions (scopes), the authorization server redirects back to the app with a temporary, single-use code, and the app exchanges that code for an access token.

The access token is what the app uses to make API calls on the user's behalf. Tokens are short-lived and scoped to specific permissions. The user can revoke access at any time. Refresh tokens allow apps to obtain new access tokens without requiring the user to re-authenticate, enabling long-lived integrations.
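The two paragraphs above describe the authorization code exchange and the token lifecycle (scoping, short lifetimes, revocation, refresh). The following is an added, self-contained example, not TerminalFeed's code and not any provider's real API: a toy in-memory authorization server (`ToyAuthorizationServer`, a hypothetical name) and a client that drives the redirect, checks the `state` parameter on the callback, binds the code to a PKCE verifier, and then exercises expiry, refresh and revocation. Client id, redirect URI and scope names are constructed sample values.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample registration; a real client registers these with the provider.
CLIENT_ID = "terminalfeed-demo-client"
REDIRECT_URI = "https://app.example/oauth/callback"
ACCESS_TOKEN_TTL = 300  # seconds; access tokens are deliberately short-lived


def s256(verifier: str) -> str:
    """PKCE code challenge: BASE64URL(SHA-256(verifier)) without padding (RFC 7636)."""
    digest = hashlib.sha256(verifier.encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


class ToyAuthorizationServer:
    """Hypothetical in-memory authorization server standing in for Google, GitHub, etc."""

    def __init__(self, now=time.time):
        self.now = now      # injectable clock so expiry can be tested offline
        self.codes = {}     # code -> (redirect_uri, granted scopes, code_challenge)
        self.access = {}    # access token -> (scopes, expires_at, refresh token)
        self.refresh = {}   # refresh token -> scopes

    def authorize(self, params: dict, approved: set) -> str:
        """Step 2: the user logged in and approved `approved` scopes, which may be a
        subset of what the client asked for. Returns the redirect back to the client."""
        if params["client_id"] != CLIENT_ID or params["redirect_uri"] != REDIRECT_URI:
            raise PermissionError("client_id/redirect_uri do not match registration")
        granted = approved & set(params["scope"].split())
        code = secrets.token_urlsafe(16)  # temporary and single-use
        self.codes[code] = (params["redirect_uri"], granted, params["code_challenge"])
        # `state` is echoed back unchanged so the client can bind this callback to its own request
        return REDIRECT_URI + "?" + urlencode({"code": code, "state": params["state"]})

    def token(self, code: str, verifier: str, redirect_uri: str) -> dict:
        """Step 4: swap the code for tokens. The code is consumed whether or not it verifies."""
        entry = self.codes.pop(code, None)
        if entry is None:
            raise PermissionError("unknown or already-used code")
        reg_uri, scopes, challenge = entry
        if redirect_uri != reg_uri or not hmac.compare_digest(s256(verifier), challenge):
            raise PermissionError("redirect_uri or PKCE verifier mismatch")
        return self._issue(scopes, secrets.token_urlsafe(24), with_refresh=True)

    def _issue(self, scopes, refresh, with_refresh=False) -> dict:
        access = secrets.token_urlsafe(24)
        self.access[access] = (scopes, self.now() + ACCESS_TOKEN_TTL, refresh)
        out = {"access_token": access, "expires_in": ACCESS_TOKEN_TTL,
               "scope": " ".join(sorted(scopes))}
        if with_refresh:
            self.refresh[refresh] = scopes
            out["refresh_token"] = refresh
        return out

    def refresh_access(self, refresh: str) -> dict:
        """Mint a new access token with no user interaction, as long as the grant still exists."""
        if refresh not in self.refresh:
            raise PermissionError("refresh token revoked or unknown")
        return self._issue(self.refresh[refresh], refresh)

    def revoke(self, refresh: str) -> None:
        """User revokes the grant: the refresh token and every access token minted from it die."""
        self.refresh.pop(refresh, None)
        self.access = {a: v for a, v in self.access.items() if v[2] != refresh}

    def check(self, access: str, needed_scope: str) -> bool:
        """What the resource server asks on every API call: known, unexpired, and in scope?"""
        entry = self.access.get(access)
        return entry is not None and self.now() < entry[1] and needed_scope in entry[0]


def start_authorization(scope="read:posts write:posts"):
    """Client step 1: build the redirect to the authorization server with fresh state + PKCE."""
    state, verifier = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
    params = {"response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
              "scope": scope, "state": state, "code_challenge": s256(verifier),
              "code_challenge_method": "S256"}
    return params, state, verifier


def handle_callback(server, callback_url: str, expected_state: str, verifier: str) -> dict:
    """Client step 3: reject any callback whose state we did not issue, then exchange the code."""
    qs = parse_qs(urlparse(callback_url).query)
    if not hmac.compare_digest(qs.get("state", [""])[0], expected_state):
        raise PermissionError("state mismatch: callback not bound to a request we started")
    return server.token(qs["code"][0], verifier, REDIRECT_URI)


def run_flow(approved=frozenset({"read:posts"}), now=time.time):
    """Drive the whole exchange; returns the server (for later checks) and the token response."""
    server = ToyAuthorizationServer(now)
    params, state, verifier = start_authorization()
    callback_url = server.authorize(params, set(approved))
    return server, handle_callback(server, callback_url, state, verifier)


if __name__ == "__main__":
    srv, tok = run_flow()
    print(tok["scope"], srv.check(tok["access_token"], "read:posts"),
          srv.check(tok["access_token"], "write:posts"))
```

Two details worth noticing: the user approved only `read:posts` although the client asked for `read:posts write:posts`, so a write call fails the scope check even with a valid token; and the `state` check happens before the code is redeemed, so a forged callback does not burn the real code. Once the grant is revoked, refreshed access tokens stop working too, which is what "the user can revoke access at any time" means in practice.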

Why it matters

Before OAuth, the common pattern was for third-party apps to ask users for their passwords directly, creating massive security risks. OAuth decouples authentication from authorization. The third-party app never sees the user's password and can only access the specific data the user approved. This is why OAuth has become the universal standard for API authorization across the web.

Where you'll see this on TerminalFeed

TerminalFeed's X bot uses OAuth 1.0a to authenticate with the Twitter/X API for posting automated tweets. The API documentation covers how the Worker handles authenticated requests using bearer tokens, a pattern closely related to OAuth 2.0 flows.
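OAuth 1.0a, which the X bot uses, works differently from the 2.0 flows above: every request carries an HMAC-SHA1 signature over the method, URL and parameters instead of a bearer token. The block below is an added example, not TerminalFeed's Worker code, implementing the signing rules of RFC 5849 (percent-encoding, signature base string, HMAC-SHA1 with the consumer and token secrets) on both the client and the verifying side. The credentials, URL and request parameters are constructed sample values.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote


def pct(value) -> str:
    """RFC 5849 section 3.6 percent-encoding: only ALPHA / DIGIT / '-' / '.' / '_' / '~' survive."""
    return quote(str(value), safe="~")


def signature_base_string(method: str, base_url: str, params: dict) -> str:
    """Section 3.4.1: METHOD & enc(url) & enc(normalized params); params are sorted by
    encoded name, then encoded value, and joined as name=value pairs with '&'."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(base_url), pct(normalized)])


def hmac_sha1_signature(base_string: str, consumer_secret: str, token_secret: str) -> str:
    """Section 3.4.2: key is enc(consumer_secret) & enc(token_secret); output is base64 of the MAC."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base_string.encode(), hashlib.sha1).digest()).decode()


def sign_request(method, base_url, params, creds, nonce=None, timestamp=None):
    """Client side: add the oauth_* protocol parameters, sign, and build the Authorization
    header. `creds` holds consumer_key, consumer_secret, token and token_secret."""
    oauth = {
        "oauth_consumer_key": creds["consumer_key"],
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_token": creds["token"],
        "oauth_version": "1.0",
    }
    base = signature_base_string(method, base_url, {**params, **oauth})
    oauth["oauth_signature"] = hmac_sha1_signature(base, creds["consumer_secret"],
                                                   creds["token_secret"])
    header = "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))
    return header, oauth


def verify_request(method, base_url, params, oauth, creds, max_skew=300, now=time.time) -> bool:
    """Server side: reject stale timestamps, recompute the signature over everything except
    oauth_signature, and compare in constant time. Nonce replay tracking needs a store and is
    left out of this example."""
    if abs(now() - int(oauth.get("oauth_timestamp", "0"))) > max_skew:
        return False
    unsigned = {k: v for k, v in oauth.items() if k != "oauth_signature"}
    base = signature_base_string(method, base_url, {**params, **unsigned})
    expected = hmac_sha1_signature(base, creds["consumer_secret"], creds["token_secret"])
    return hmac.compare_digest(expected, oauth.get("oauth_signature", ""))


# Constructed sample credentials and request; nothing here is a real key or endpoint.
CREDS = {"consumer_key": "ck", "consumer_secret": "cs", "token": "tk", "token_secret": "ts"}
URL = "https://api.example/1.1/statuses/update.json"
PARAMS = {"status": "hello world"}

if __name__ == "__main__":
    header, oauth = sign_request("POST", URL, PARAMS, CREDS)
    print(header)
    print(verify_request("POST", URL, PARAMS, oauth, CREDS))
```

Only query-string and form-encoded body parameters enter the base string; a JSON request body is not covered by the signature, so an API that accepts JSON relies on TLS for the body's integrity. The timestamp window and a per-consumer nonce store are what stop a captured signed request from being replayed, which is the main operational difference from a bearer token that is simply presented as-is.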