1. OAuth 2.0 provides a framework for authorization that defines four client types (web servers, user-agents, native applications, and autonomous clients) and three authorization flows (authorization code, implicit, and client credentials). 2. The authorization endpoint uses HTTP requests to obtain authorization from the resource owner via user-agent redirection or prompting the client directly. The token endpoint exchanges authorization codes or refresh tokens for access tokens via HTTP POST. 3. Access tokens are used by clients to access protected resources by passing the token in the authorization header, URI query parameter, or form-encoded body parameter of a request.