Mental BoundOAuth is the open standard behind "Sign in with Google" and "Allow this app to access your calendar." Instead of handing over your password, you authorize one service to use another on your behalf, and it receives a token — a scoped, time-limited key — rather than your credentials. You can revoke that access at any time without changing your password.
The value is in the limits. A token can be scoped to exactly what an app needs — read your files but not delete them, post on your behalf but not see your messages — and it expires. That delegated, revocable, least-privilege access is why OAuth underpins most modern API integrations.
It matters for AI for the same reason. When an assistant connects to your tools — including over MCP — OAuth is how it gets precisely the access you grant and nothing more, with a clear trail of what was permitted. It's a core part of how we keep software and integrations secure.