oauth tutorial - OAuth Roles - oauth2 tutorial - oauth authentication
What are Roles in OAuth 2.0?
OAuth 2.0 defines four roles for the users and applications that take part in an authorization flow:
- Resource Owner
- Resource Server
- Client Application
- Authorization Server
- The resource owner is the person or an application that owns the data which is to be shared.
- A user on Facebook or Google is a resource owner: the data in their account is theirs to share or withhold.
- The resource owner is given in the diagram as a person, which is the most common situation for OAuth 2.0.
- The resource owner could also be an application. The OAuth 2.0 specification mentions both of the possibilities.
- The resource server is the server which hosts the resources.
- The client application is the application which requests access to the resources stored on the resource server, on behalf of the resource owner.
- The resources the client asks for are owned by the resource owner, not by the client.
- For example, a game that requests access to a user's Facebook account is a client application.
- The authorization server is the server which authenticates the resource owner, records their consent, and issues the access token that authorizes the client app to access the resource owner's resources.
- The authorization server and the resource server can be the same server.
- The OAuth 2.0 specification does not say anything about how these two servers should communicate if they are separate; in particular, it leaves open how the resource server checks that a token it receives was really issued by the authorization server.
- This is an internal design decision made by the developers of the resource server and the authorization server.
- The diagram below, and the descriptions that follow it, summarize the four roles defined by OAuth 2.0.
[Diagram: OAuth 2.0 Roles]
Description of the diagram
Resource Owner
- This entity can grant access to a protected resource or a service.
- The resource owner is a person (like an end user), an application that owns the service, or a security policy.
- The resource owner is depicted in the diagram above as a person, which is the most common situation.
Resource Server
- This is the server hosting the protected resource or service.
- The resource server can accept and respond to protected resource requests.
- A resource server represents an application hosting cloud services; the protected resource is exposed through that application's API.
Client Application
- This is an application that can make protected resource requests on behalf of the resource owner.
- The client application is the application requesting access to the resources stored on the resource server.
- The client application also obtains authorization from the resource owner.
- The client application is also referred to as OAuth client.
- In the Oracle Cloud, an OAuth client represents an application while making a REST API call.
- Examples of OAuth clients are the Oracle Mobile Cloud Service and the Oracle Java Cloud Service-SaaS Extension.
Authorization Server
- This server issues access tokens to the client after successfully authenticating the resource owner and obtaining the resource owner's authorization for the requested access.
- In Oracle Cloud, the OAuth service acts as the authorization server.
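The following is an added example, not code from this page or from Oracle Cloud: a small in-process model of the four roles running the authorization-code grant, so that the hand-offs between them can be traced in code. It covers both role descriptions above and the earlier point that the specification leaves the authorization-server/resource-server link undefined: here that link is a shared HMAC key with which the resource server verifies tokens (a token-introspection call to the authorization server would be another valid design). The client name `game-app`, the redirect URI, the `profile:read` scope, the token format and the sample profile data are all assumptions made for this example.

```python
import base64, hashlib, hmac, json, secrets, time

# Added example (not the page's or any OAuth library's code): the four OAuth 2.0
# roles as in-process objects.  Client id/secret, redirect URI, the "profile:read"
# scope and the HMAC-signed token format are assumptions made for this example.

TOKEN_KEY = secrets.token_bytes(32)   # shared AS<->RS secret: one possible design for
                                      # the server-to-server link the spec leaves open

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class AuthorizationServer:
    """Authenticates the resource owner, records consent, issues access tokens."""
    def __init__(self, key, lifetime=3600):
        self.key, self.lifetime = key, lifetime
        self.clients = {}   # client_id -> {"secret", "redirect_uri"}
        self.codes = {}     # single-use authorization codes

    def register_client(self, client_id, secret, redirect_uri):
        self.clients[client_id] = {"secret": secret, "redirect_uri": redirect_uri}

    def authorize(self, client_id, redirect_uri, scope, owner, consent):
        """Authorization endpoint: the already-authenticated owner grants or denies."""
        reg = self.clients.get(client_id)
        if reg is None or reg["redirect_uri"] != redirect_uri:
            raise PermissionError("invalid_request")   # never redirect to an unregistered URI
        if not consent:
            raise PermissionError("access_denied")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, owner, scope, redirect_uri)
        return code

    def token(self, client_id, client_secret, code, redirect_uri, now=None):
        """Token endpoint: redeems a code exactly once for an HMAC-signed access token."""
        reg = self.clients.get(client_id)
        if reg is None or not hmac.compare_digest(reg["secret"], client_secret):
            raise PermissionError("invalid_client")
        entry = self.codes.pop(code, None)   # pop: a replayed code is rejected
        if entry is None or entry[0] != client_id or entry[3] != redirect_uri:
            raise PermissionError("invalid_grant")
        now = time.time() if now is None else now
        claims = {"sub": entry[1], "client_id": client_id, "scope": entry[2],
                  "exp": int(now) + self.lifetime}
        payload = json.dumps(claims, sort_keys=True).encode()
        sig = hmac.new(self.key, payload, hashlib.sha256).digest()
        return _b64(payload) + "." + _b64(sig)

class ResourceServer:
    """Hosts the protected resource; validates every token before serving it."""
    def __init__(self, key):
        self.key = key
        self.profiles = {}   # the protected resource, keyed by resource owner

    def _verify(self, token, now):
        try:
            p64, s64 = token.split(".")
            payload, sig = _unb64(p64), _unb64(s64)
        except ValueError:
            raise PermissionError("invalid_token") from None
        expected = hmac.new(self.key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            raise PermissionError("invalid_token")    # forged or tampered claims
        claims = json.loads(payload)
        if claims["exp"] <= now:
            raise PermissionError("token_expired")
        return claims

    def get_profile(self, token, now=None):
        now = time.time() if now is None else now
        claims = self._verify(token, now)
        if "profile:read" not in claims["scope"].split():
            raise PermissionError("insufficient_scope")   # valid token, wrong scope
        return self.profiles[claims["sub"]]

class Client:
    """The third-party app (e.g. a game): acts for the owner without ever seeing their password."""
    def __init__(self, client_id, secret, redirect_uri):
        self.client_id, self.secret, self.redirect_uri = client_id, secret, redirect_uri
        self.access_token = None

    def request_access(self, auth_server, owner, scope, consent=True):
        code = auth_server.authorize(self.client_id, self.redirect_uri, scope, owner, consent)
        self.access_token = auth_server.token(self.client_id, self.secret, code, self.redirect_uri)
        return self.access_token

    def fetch_profile(self, resource_server, now=None):
        return resource_server.get_profile(self.access_token, now)

def run_flow(consent=True, scope="profile:read", now=None):
    """Wire the four roles together; returns the profile, or the OAuth error code as a string."""
    auth, rs = AuthorizationServer(TOKEN_KEY), ResourceServer(TOKEN_KEY)
    rs.profiles["alice"] = {"name": "Alice", "email": "alice@example.com"}   # constructed data
    auth.register_client("game-app", "s3cret", "https://game.example/cb")
    client = Client("game-app", "s3cret", "https://game.example/cb")
    try:
        client.request_access(auth, "alice", scope, consent)
        return client.fetch_profile(rs, now)
    except PermissionError as err:
        return str(err)

if __name__ == "__main__":
    print(run_flow(), run_flow(consent=False), run_flow(scope="email:read"), run_flow(now=10**12))
```

Each role touches only what it should: the client never handles the owner's credentials, the authorization server is the only party that can mint a valid token, and the resource server trusts nothing in the token until the HMAC check passes and the expiry and scope have been enforced. Tampering with the encoded claims, replaying an authorization code, or presenting a token for a scope the owner never granted all fail at the role responsible for that check.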