OAuth is a protocol (or framework) that supports authorization workflows. OAuth is not an API or a service: it is an open standard for authorization that any developer can implement. It gives you a way to ensure that a specific user has permissions to do something.
This protocol allows third-party applications to grant limited access to an HTTP service, either on behalf of a resource owner or by allowing the third-party application to obtain access on its own behalf. Access is requested by a client, which can be a website or a mobile application, for example.
xTuple uses OAuth2 (or OAuth 2.0), the second version of the OAuth protocol. OAuth2 simplifies the previous version and facilitates interoperability between different applications. OAuth1 adn OAuth2 specifications are completely different from one another, and cannot be used together: there is no backwards compatibility between them.
The OAuth2 protocol is constantly evolving and acclaimed by Internet giants such as Google and Facebook.
More on OAuth 2.0 Standards available at Internet Engineering Task Force (IETF).