In its data exchange standards efforts (distinct from Ed-Fi's technology development, going back to a distinction made in section 1. Overview of Ed-Fi Standards and Technology) Ed-Fi recommends the use of OAuth for API implementers. This recommendation can be seen in the REST API Guidelines that the Alliance publishes:
However, in the Ed-Fi open source technology development effort, the Ed-Fi ODS/API uses a version of OAuth for API authentication. More information on that can be found here: