HTTP Signatures is a community-adopted solution to handle the problem “How to associate a particular HTTP request with a particular Actor in an authenticated manner”. But im sure there are other solutions – could be OAuth2 – but would require more thought and would not be compatible with the Mastodon flavor of ActivityPub.
Note that I entertained the idea of using OAuth2 in the federated context to do “Hi server Z, I am X from peer server Y and want you to delete your cache data about me” in this but it turns out that particular problem doesn’t really have a good solution – so that post is ignorable. I mention it to avoid confusion over any OAuth2 + AP searches you may do – you’re focused on a totally different problem.