Authentication and authorization have always been, and continue to be, critical aspects of systems design in the context of APIs, even more so as Web APIs provide access to HTTP resources, many of which contain sensitive or personal information that should only be accessible by authorized individuals.
OAuth 2.0 is an Authorization Framework that enables third-party applications to obtain limited access to HTTP resources, either on behalf of the resource owner or by allowing the third-party application to obtain access on the owner's behalf. The specification replaces and obsoletes the OAuth 1.0 protocol.
It is worth noting that OAuth 2.0, as opposed to SAML, does not deal with authentication. Its main purpose is to provide a mechanism for client applications to gain access to protected HTTP resources by obtaining valid tokens following pre-defined authorization flows...