OAuth 2.0 and OpenID Connect Flows

OAuth 2.0 and OpenID Connect are industry-standard protocols for authenticating users and for authorizing third-party applications to access web APIs, either on behalf of a resource owner who approves that access or directly, in the application's own right.

In OAuth 2.0, the entities involved in this exchange include the following:

  • Resource Owner – The user who owns the resource or data being requested by the application, such as their profile information.

  • Client Application – The application that requests the user's data. To call EmpowerID APIs, this application must be registered in EmpowerID.

  • Authorization Server – The identity store that knows about the resource owner, can verify their identity, and issues tokens that authorize access to the requested resources.

  • Access Token – The key issued by the Authorization Server that allows the client application to access the requested resources on the resource server.

  • Resource Server – The API endpoint or server where the user's resources live.

A basic representation of these entities in an OAuth 2.0 flow is shown below:

[Diagram: Resource Owner, Client Application, Authorization Server and Resource Server exchanging an access token]

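To make the division of responsibilities concrete, the following is an added, constructed model of the roles listed above walking through one authorization-code exchange. It is not EmpowerID code and does not use EmpowerID's endpoints; the class names (AuthorizationServer, ResourceServer, Registration), the client id "app-123", the scope "profile.read" and the user "alice" are all hypothetical. The model shows the checks each role is responsible for: the authorization server validates the client registration, the redirect URI and the requested scope before issuing a one-time code, and the resource server accepts only a live token whose scope covers the resource.

```python
"""Constructed, in-memory model of the OAuth 2.0 roles (not EmpowerID code).

Every name here is a hypothetical stand-in used to show how the roles hand an
authorization code and an access token around in an authorization-code flow.
"""
import secrets
import time
from dataclasses import dataclass


@dataclass
class Registration:
    """A client application registered with the authorization server."""
    client_id: str
    client_secret: str
    redirect_uri: str
    allowed_scopes: frozenset


@dataclass
class TokenRecord:
    """What the authorization server remembers about an issued access token."""
    client_id: str
    subject: str          # the resource owner who approved the access
    scope: frozenset
    expires_at: float


class AuthorizationServer:
    CODE_TTL = 60         # seconds an authorization code stays valid
    TOKEN_TTL = 3600      # seconds an access token stays valid

    def __init__(self):
        self.clients = {}   # client_id -> Registration
        self.codes = {}     # code -> (client_id, subject, scope, redirect_uri, expiry)
        self.tokens = {}    # access token -> TokenRecord

    def register_client(self, reg):
        self.clients[reg.client_id] = reg

    def authorize(self, client_id, redirect_uri, scope, subject, consent):
        """Authorization endpoint: the resource owner (subject) has been
        authenticated and asked to approve the scope; on approval a one-time
        code bound to this client and redirect URI is issued."""
        reg = self.clients.get(client_id)
        if reg is None or redirect_uri != reg.redirect_uri:
            raise PermissionError("unknown client or redirect_uri mismatch")
        requested = frozenset(scope.split())
        if not requested <= reg.allowed_scopes:
            raise PermissionError("scope not allowed for this client")
        if not consent:
            raise PermissionError("access_denied")
        code = secrets.token_urlsafe(24)
        self.codes[code] = (client_id, subject, requested, redirect_uri,
                            time.time() + self.CODE_TTL)
        return code

    def token(self, code, client_id, client_secret, redirect_uri):
        """Token endpoint: exchanges a code for an access token. The code is
        consumed on first use (even if the exchange fails) and must have been
        issued to the same client and redirect URI that now presents it."""
        entry = self.codes.pop(code, None)
        if entry is None:
            raise PermissionError("invalid_grant")
        c_id, subject, scope, uri, expiry = entry
        reg = self.clients.get(client_id)
        if (reg is None or c_id != client_id or uri != redirect_uri
                or not secrets.compare_digest(client_secret, reg.client_secret)
                or time.time() > expiry):
            raise PermissionError("invalid_grant")
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = TokenRecord(client_id, subject, scope,
                                                time.time() + self.TOKEN_TTL)
        return access_token

    def introspect(self, access_token):
        """Asked by the resource server: is this token live, and for what?"""
        rec = self.tokens.get(access_token)
        if rec is None or time.time() > rec.expires_at:
            return None
        return rec


class ResourceServer:
    """Holds the resource owner's data and releases it only for a valid token
    whose scope covers the resource."""

    def __init__(self, auth_server, profiles):
        self.auth_server = auth_server
        self.profiles = profiles

    def get_profile(self, access_token):
        rec = self.auth_server.introspect(access_token)
        if rec is None:
            raise PermissionError("invalid_token")
        if "profile.read" not in rec.scope:
            raise PermissionError("insufficient_scope")
        return self.profiles[rec.subject]


def rejected(fn, *args, **kwargs):
    """True if the call is refused with PermissionError (used to show the checks)."""
    try:
        fn(*args, **kwargs)
    except PermissionError:
        return True
    return False


def run_flow(consent=True):
    """Walks one authorization-code exchange through all four roles using
    constructed sample data; returns the code, token, profile and server."""
    auth = AuthorizationServer()
    reg = Registration("app-123", "s3cret-example", "https://app.example/cb",
                       frozenset({"profile.read"}))
    auth.register_client(reg)
    rs = ResourceServer(auth, {"alice": {"name": "Alice"}})
    code = auth.authorize(reg.client_id, reg.redirect_uri, "profile.read",
                          subject="alice", consent=consent)
    tok = auth.token(code, reg.client_id, reg.client_secret, reg.redirect_uri)
    return code, tok, rs.get_profile(tok), auth
```

Running run_flow() returns Alice's profile; presenting the same code a second time, a wrong client secret, a scope the client was not registered for, or a token the server does not know are all refused, which is the behaviour each role is expected to enforce in a real deployment.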