A pictorial representation of the abstract OAuth 2.0 workflow
The abstract protocol workflow describes the interaction of the Client with the Resource Owner, Authorisation Server and Resource Server.
- Client requests authorisation from the Resource Owner. This request can be made directly to the Resource Owner or, preferably, indirectly via the Authorisation Server as an intermediary.
- Client receives an Authorisation Grant, which represents the Resource Owner's authorisation, expressed using one of the four Grant types. The Authorisation Grant type depends upon the method used by the Client to request authorisation and the types supported by the Authorisation Server.
- Client requests an Access Token by authenticating with the Authorisation Server and presenting it with the Authorisation Grant.
- Authorisation Server authenticates the Client and validates its Authorisation Grant. If valid, it issues an Access Token to the Client.
- Client accesses the protected resource on the Resource Server by presenting the Access Token.
- Resource Server validates the Access Token. If valid, it returns the desired resource representation to the Client.
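
The six steps above as an in-memory walk-through. This is an added example, not code from the original page or from any OAuth library. The class and method names, the `photo-app` client, its secret and the `photos:read` scope are constructed, and the single-use grant and client binding checks are assumptions about how a server would validate a grant.

```python
import hmac
import secrets

class AuthorisationServer:
    """Toy in-memory Authorisation Server (constructed for illustration)."""

    def __init__(self, clients):
        self.clients = clients   # client_id -> client_secret
        self.grants = {}         # grant -> (client_id, scope)
        self.tokens = {}         # access token -> scope

    def issue_grant(self, client_id, scope, owner_approves):
        # Steps 1-2: the Resource Owner approves, the Client receives a grant.
        if client_id not in self.clients or not owner_approves:
            return None
        grant = secrets.token_urlsafe(16)
        self.grants[grant] = (client_id, scope)
        return grant

    def issue_token(self, client_id, client_secret, grant):
        # Steps 3-4: authenticate the Client, then validate its grant.
        expected = self.clients.get(client_id, "")
        if not expected or not hmac.compare_digest(expected.encode(), client_secret.encode()):
            return None
        bound_client, scope = self.grants.get(grant, (None, None))
        if bound_client != client_id:
            return None              # unknown grant, or issued to another Client
        del self.grants[grant]       # assumption: a grant is redeemable once
        token = secrets.token_urlsafe(32)
        self.tokens[token] = scope
        return token

class ResourceServer:
    def __init__(self, auth_server, resources):
        self.auth_server = auth_server
        self.resources = resources   # scope -> resource representation

    def get(self, token, scope):
        # Steps 5-6: validate the presented access token before serving.
        if self.auth_server.tokens.get(token) != scope:
            return None
        return self.resources.get(scope)

def run_flow():
    auth = AuthorisationServer({"photo-app": "s3cret"})   # constructed client
    rs = ResourceServer(auth, {"photos:read": ["cat.jpg"]})
    grant = auth.issue_grant("photo-app", "photos:read", owner_approves=True)
    token = auth.issue_token("photo-app", "s3cret", grant)
    return auth, rs, grant, token
```

Each validation point in the list maps to one early `return None`: a refused authorisation, a failed client authentication, a replayed or foreign grant, and an unknown or wrongly scoped token all end the flow before a resource is returned.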