OAuth is an authorization framework that allows users to approve third-party access to private resources like files and profiles. It involves roles like resource owners, clients, authorization servers, and resource servers. Common grant types are authorization code and implicit grants, which allow clients to obtain authorization codes or tokens to access resources. An example flow shows a client obtaining a one-time authorization code from the authorization server, then exchanging it for an access token to use to access private user resources stored on the resource server.