OAuth 2.0 and OpenID Connect Flows

OAuth 2.0 and OpenID Connect are industry standard protocols for authenticating users and authorizing third-party applications to access Web APIs on behalf of a resource owner approving that access or by allowing those third-party applications to access those APIs directly.

In OAuth 2.0, the entities involved in this exchange include the following:

  • Resource Owner – This is the user who owns the resource or data, such as their profile information, that is being requested by the application. 
  • Client Application– This is the application that is requesting the user's data. To call EmpowerID APIs, this application must be registered in EmpowerID.
  • Authorization Server – This is the identity store that knows about the resource owner and can verify their identity and issue tokens to authorize access to the requested resources.
  • Access Token – This is the key issued by the Authorization server to allow the client application to access requested resources from the resource server.
  • Resource Server – This is the API endpoint or server where the user's resources live.


A basic representation of these entities in an OAuth 2.0 flow is shown below:





Getting Started


Register an OAuth Application

Register an OAuth Application

Get an Access Token

Get an Access Token

Create a Person Object

Create Person Objects

Edit People

Edit Person Attributes

OAuth 2.0 Flows

OAuth 2.0 Flows

Check User Access

Authorization API

Overview of JSON Signing and Encryption

JSON Signing and Encryption