Adobe Experience Manager (AEM) is implemented to be run in an OSGi environment and is based on REST principles. REST does not have predefined security methods (as it is for example with SOAP Web Services) so developers define their own. One way to address REST security issues is to leverage OAuth 2. The Web Authorization (OAuth) protocol allows a user to grant a third-party Web site or application access to the user's protected resources, without necessarily revealing their long-term credentials, or even their identity. OAuth 2 is widely used from major internet players (as Google, Facebook, Twitter) in order to secure their (also REST) APIs. This talk will introduce the OAuth 2 framework and the new Granite OAuth server feature.