The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service@ either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service@ or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 1.0 protocol described in RFC 5849.