1 post
OAuth 2.0 issues a token, not an identity. It verifies authority once at consent and honours the reference thereafter, without ever revalidating the grant.