2. Introduction
The OAuth 2.0 authorization framework enables a third-party
application to obtain limited access to an HTTP service, either on
behalf of a resource owner by orchestrating an approval interaction
between the resource owner and the HTTP service, or by allowing the
third-party application to obtain access on its own behalf.
OAuth addresses the problem of sharing the resource owner's credentials to
access protected resources by introducing an authorization layer and
separating the role of the client from that of the resource owner.
In OAuth, the client requests access to resources controlled by the
resource owner and hosted by the resource server, and is issued a
different set of credentials than those of the resource owner.
The client obtains an access token -- a string denoting a specific
scope, lifetime, and other access attributes. Access tokens are issued
to third-party clients by an authorization server with the approval of
the resource owner. The client uses the access token to access the
protected resources hosted by the resource server.
3. Terminology
Access token - A token used to access protected resources.
Authorization code - An intermediary token generated when a user
authorizes a client to access protected resources on their behalf. The client
receives this token and exchanges it for an access token.
Authorization server - A server which issues access tokens after successfully
authenticating a client and resource owner, and authorizing the request.
Client - An application which accesses protected resources on behalf of the
resource owner (such as a user). The client could be hosted on a server,
desktop, mobile or other device.
Client ID and client secret - The client ID is a unique string the authorization
server issues to a client when the client is registered; the client secret is a
confidential credential the client uses to authenticate itself to the
authorization server (for example when exchanging an authorization code for an
access token).
Grant - A grant is a method of acquiring an access token.
Resource server - A server which sits in front of protected resources (for
example “tweets”, users’ photos, or personal data) and is capable of accepting
and responding to protected resource requests using access tokens.
Resource owner - The user who authorizes an application to access their
account. The application's access to the user's account is limited to the
"scope" of the authorization granted (e.g. read or write access).
Scope - A permission; the scope(s) attached to an access token bound what the
client may do with it.
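The following is an added example, not code from the original document: a minimal in-memory model of the roles defined above (resource owner, client, authorization server, resource server) carrying one authorization code grant through to a scoped access token. The client name, secret, redirect URI, owner name and photo data are constructed for the example; the in-process token lookup stands in for whatever token validation a real resource server would do.

```python
# Added example: toy model of the OAuth 2.0 authorization code grant.
# All names, credentials and URLs below are constructed for illustration.
import secrets
import time


class AuthorizationServer:
    """Issues authorization codes and access tokens; holds registered clients."""

    def __init__(self, code_ttl=60, token_ttl=3600):
        self.clients = {}   # client_id -> {"secret": ..., "redirect_uri": ...}
        self.codes = {}     # authorization code -> grant details
        self.tokens = {}    # access token -> {"scope", "owner", "expires"}
        self.code_ttl = code_ttl
        self.token_ttl = token_ttl

    def register_client(self, client_id, client_secret, redirect_uri):
        # The client receives its own credentials, distinct from the resource owner's.
        self.clients[client_id] = {"secret": client_secret, "redirect_uri": redirect_uri}

    def authorize(self, client_id, redirect_uri, scope, resource_owner):
        """The resource owner approves the client; the server returns an authorization code."""
        client = self.clients.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            raise PermissionError("unknown client or redirect_uri mismatch")
        code = secrets.token_urlsafe(32)
        self.codes[code] = {
            "client_id": client_id,
            "redirect_uri": redirect_uri,
            "scope": set(scope.split()),
            "owner": resource_owner,
            "expires": time.time() + self.code_ttl,
        }
        return code

    def token(self, client_id, client_secret, code, redirect_uri):
        """Exchange an authorization code for an access token; the client authenticates here."""
        client = self.clients.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            raise PermissionError("client authentication failed")
        grant = self.codes.pop(code, None)  # single use: removed before any further check
        if grant is None or grant["expires"] < time.time():
            raise PermissionError("invalid or expired authorization code")
        if grant["client_id"] != client_id or grant["redirect_uri"] != redirect_uri:
            raise PermissionError("code was not issued to this client/redirect_uri")
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = {
            "scope": grant["scope"],
            "owner": grant["owner"],
            "expires": time.time() + self.token_ttl,
        }
        return {"access_token": access_token, "token_type": "Bearer",
                "expires_in": self.token_ttl, "scope": " ".join(sorted(grant["scope"]))}

    def introspect(self, access_token):
        """Token lookup used by the resource server (shared in-memory store in this toy)."""
        info = self.tokens.get(access_token)
        if info is None or info["expires"] < time.time():
            return None
        return info


class ResourceServer:
    """Serves protected resources only to requests carrying a valid, sufficiently scoped token."""

    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.photos = {"alice": ["beach.jpg", "dog.jpg"]}  # constructed sample data

    def get_photos(self, authorization_header):
        scheme, _, token = authorization_header.partition(" ")
        if scheme != "Bearer" or not token:
            raise PermissionError("missing bearer token")
        info = self.auth_server.introspect(token)
        if info is None:
            raise PermissionError("invalid token")
        if "photos:read" not in info["scope"]:
            raise PermissionError("insufficient scope")
        return list(self.photos.get(info["owner"], []))


def run_authorization_code_flow():
    """Walk the roles through one grant; returns the photos the client obtained."""
    auth = AuthorizationServer()
    resource = ResourceServer(auth)
    auth.register_client("photo-printer", "s3cret", "https://printer.example/cb")
    # 1. Resource owner "alice" approves read-only photo access for the client.
    code = auth.authorize("photo-printer", "https://printer.example/cb", "photos:read", "alice")
    # 2. The client exchanges the code, plus its own credentials, for an access token.
    tok = auth.token("photo-printer", "s3cret", code, "https://printer.example/cb")
    # 3. The client presents the token; the resource owner's password was never shared.
    return resource.get_photos(f"Bearer {tok['access_token']}")


if __name__ == "__main__":
    print(run_authorization_code_flow())
```

The checks in `token` and `get_photos` are where the separation of roles pays off: the authorization code is bound to the client and redirect URI it was issued for and is consumed on first use, the client must prove its own identity with the client secret, and the resource server honours only the scope the resource owner actually granted.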