OAuth defines four roles:
- Resource Owner : The entity or end-user who owns the resources. These resources are referred to as 'protected resources'. The resource owner alone controls the right to grant different third-party applications access to its restricted resources.
- Resource Server : The server that hosts the protected resources.
- Client : Any application that interacts with the Resource Server to access the protected resources on behalf of the Resource Owner.
- Authorisation Server : The server that issues access tokens to the Client after successfully authenticating the Resource Owner and obtaining authorisation.
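
The four roles interacting, as an added example that is not part of the original page: a toy in-memory model in which the Authorisation Server issues a token only after authenticating the Resource Owner, and the Resource Server releases data only for what the owner granted. The class names, the `photo-printer` client id, the sample secret and the use of scopes to express what was granted are assumptions made for illustration.

```python
import hmac
import secrets

class AuthorisationServer:
    """Issues access tokens once the resource owner is authenticated and has granted access."""
    def __init__(self, owner_secrets):
        self._owner_secrets = owner_secrets   # toy stand-in for real owner authentication
        self._grants = {}                     # token -> (owner, client_id, scopes)

    def issue_token(self, owner, secret, client_id, granted_scopes):
        expected = self._owner_secrets.get(owner, "")
        if not expected or not hmac.compare_digest(expected.encode(), secret.encode()):
            raise PermissionError("resource owner not authenticated")
        if not granted_scopes:
            raise PermissionError("resource owner granted nothing")
        token = secrets.token_urlsafe(32)     # opaque, unguessable bearer token
        self._grants[token] = (owner, client_id, frozenset(granted_scopes))
        return token

    def lookup(self, token):
        return self._grants.get(token)

class ResourceServer:
    """Hosts protected resources; releases them only for a token covering the scope."""
    def __init__(self, auth_server, resources):
        self._auth_server = auth_server
        self._resources = resources           # owner -> {scope: data}

    def read(self, token, scope):
        grant = self._auth_server.lookup(token)
        if grant is None:
            raise PermissionError("invalid access token")
        owner, _client_id, scopes = grant
        if scope not in scopes:
            raise PermissionError("scope not granted by resource owner")
        return self._resources[owner][scope]

def demo():
    """Owner authenticates at the authorisation server; the client then acts with the token."""
    auth = AuthorisationServer({"alice": "constructed-sample-secret"})
    rs = ResourceServer(auth, {"alice": {"photos": ["a.jpg"], "contacts": ["bob"]}})
    token = auth.issue_token("alice", "constructed-sample-secret", "photo-printer", ["photos"])
    results = {"photos": rs.read(token, "photos")}
    for label, args in (("contacts", (token, "contacts")), ("forged", ("guess", "photos"))):
        try:
            rs.read(*args)
            results[label] = "allowed"
        except PermissionError as exc:
            results[label] = str(exc)
    return results
```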