Background
- Authenticating a third-party application with credentials
- credentials (passwords) must be stored in third-party application
- no restriction of third-party application access – because of credentials
Roles
- Resource owner: entity granting access to a resource, could be an end-user
- Resource server: providing the protected resource (data), accepting
- Client application: e.g. an application making
- Authorization server: authorizing the client application to access the resource data by issuing