Roles (RFC 6749)

Resource owner

• An entity capable of granting access to a protected resource.

• End-user: a resource owner that is a person.

Resource server

• The server hosting protected resources.

• Capable of accepting and responding to protected resource requests using access tokens.

Client

• An application makes requests for protected resources on behalf of the resource owner and with its authorization.

Authorization server

• The server issues access tokens to the client after successfully authenticating the resource owner and obtaining its authorization for the client to access one of its resources.

Abstract protocol flow (RFC 6749)

Common protocol flow