OAuth 2.0 and OpenID Connect are industry standard protocols for authenticating users and authorizing third-party applications to access Web APIs on behalf of a resource owner approving that access or by allowing those third-party applications to access those APIs directly.

In OAuth 2.0, the entities involved in this exchange include the following:

• Resource Owner – This is the user who owns the resource or data, such as their profile information, that is being requested by the application. 
• Client Application– This is the application that is requesting the user's data. To call EmpowerID APIs, this application must be registered in EmpowerID.
• Authorization Server – This is the identity store that knows about the resource owner and can verify their identity and issue tokens to authorize access to the requested resources.
• Access Token – This is the key issued by the Authorization server to allow the client application to access requested resources from the resource server.
• Resource Server – This is the API endpoint or server where the user's resources live.

A basic representation of these entities in an OAuth 2.0 flow is shown below:

Image Modified