Put simply, authentication is the act of proving who you are, whereas authorization is the act of determining what you can do. OAuth 2.0 is about delegated authorization, not authentication. It is not a protocol; it is an authorization framework defined in RFC 6749, The OAuth 2.0 Authorization Framework. This can be confusing because there are many cases in which you use OAuth 2.0 to log in to a client web application.
The authentication process must end by figuring out and validating the identity of the end user, but OAuth doesn't do that. OAuth provides time-based tokens, which can be used to access a resource on behalf of the end user without providing any identity information about the end user.
OAuth 2.0 is the existing standard for API security and is a major breakthrough in identity delegation.
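The token model described above, as an added sketch that is not from the original text or from any OAuth library: the client receives an opaque, expiring token, and the resource server decides access from scope and expiry alone. The class, function names, client name and scope strings are hypothetical, and the in-memory store stands in for a real authorization server.

```python
import secrets
import time

class AuthorizationServer:
    """Toy in-memory authorization server (constructed for illustration)."""

    def __init__(self):
        self._grants = {}  # opaque token -> grant record, kept server-side only

    def issue_token(self, user_id, client_id, scope, ttl_seconds, now=None):
        # The end user has approved `client_id` for `scope`; the client gets
        # back only an opaque random string plus its lifetime.
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._grants[token] = {
            "user_id": user_id,  # never leaves the server
            "client_id": client_id,
            "scope": set(scope.split()),
            "exp": now + ttl_seconds,
        }
        return {"access_token": token, "token_type": "Bearer",
                "expires_in": ttl_seconds, "scope": scope}

    def introspect(self, token, now=None):
        # What the resource server learns: whether the token is live and
        # which scopes it carries. No identity claim is returned.
        now = time.time() if now is None else now
        grant = self._grants.get(token)
        if grant is None or now >= grant["exp"]:
            return {"active": False}
        return {"active": True, "scope": " ".join(sorted(grant["scope"])),
                "exp": grant["exp"], "client_id": grant["client_id"]}


def resource_server_allows(auth_server, token, required_scope, now=None):
    """Authorization decision: is this token live and granted the scope?"""
    info = auth_server.introspect(token, now=now)
    return info["active"] and required_scope in info["scope"].split()
```

A client that treats possession of such a token as proof of who the user is has nothing to base that on: neither the token response nor the introspection result names the end user.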
...