OAuth 2.0 and OpenID Connect Flows
OAuth 2.0 and OpenID Connect are industry-standard protocols for authenticating users and for authorizing third-party applications to access Web APIs, either on behalf of a resource owner who approves that access, or directly, by allowing those third-party applications to call those APIs themselves.
In OAuth 2.0, the entities involved in this exchange include the following:
Resource Owner – This is the user who owns the resource or data, such as their profile information, that is being requested by the application.
Client Application – This is the application that is requesting the user's data. To call EmpowerID APIs, this application must be registered in EmpowerID.
Authorization Server – This is the identity store that knows about the resource owner and can verify their identity and issue tokens to authorize access to the requested resources.
Access Token – This is the credential issued by the Authorization Server that allows the client application to access the requested resources on the resource server.
Resource Server – This is the API endpoint or server where the user's resources live.
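To show how these entities interact, here is an added example (not EmpowerID's code or API) that models them in memory and runs one authorization-code grant end to end: the Authorization Server checks that the Client Application is registered with the redirect URI it presents, issues a short-lived single-use code bound to that client, exchanges it for an Access Token, and the Resource Server serves the Resource Owner's profile only for an unexpired token carrying the needed scope. Client ids, secrets, URIs and the profile data are constructed sample values.

```python
import secrets
import time

class AuthorizationServer:  # added illustration (not EmpowerID's server): verifies the client, issues tokens
    def __init__(self, clients):
        self.clients = clients   # client_id -> {"secret": str, "redirect_uris": set}
        self.codes = {}          # authorization code -> grant details (single use)
        self.tokens = {}         # access token -> {"sub", "scope", "exp"}

    def authorize(self, client_id, redirect_uri, scope, resource_owner):
        # Runs after the resource owner approves; the code is bound to client + exact redirect URI.
        client = self.clients.get(client_id)
        if client is None or redirect_uri not in client["redirect_uris"]:
            raise ValueError("unknown client or unregistered redirect_uri")
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "scope": scope, "sub": resource_owner, "exp": time.time() + 60}
        return code

    def token(self, client_id, client_secret, code, redirect_uri, ttl=3600):
        client = self.clients.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            raise ValueError("client authentication failed")
        grant = self.codes.pop(code, None)   # a code can be redeemed only once
        if grant is None or grant["exp"] < time.time():
            raise ValueError("invalid or expired code")
        if grant["client_id"] != client_id or grant["redirect_uri"] != redirect_uri:
            raise ValueError("code was issued to a different client or redirect_uri")
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = {"sub": grant["sub"], "scope": grant["scope"],
                                     "exp": time.time() + ttl}
        return access_token

class ResourceServer:  # hosts the owner's data; serves it only for an unexpired token with the needed scope
    def __init__(self, auth_server, profiles):
        self.auth_server, self.profiles = auth_server, profiles

    def get_profile(self, access_token):
        info = self.auth_server.tokens.get(access_token)   # simplified token introspection
        if info is None or info["exp"] < time.time() or "profile:read" not in info["scope"].split():
            return 401, None
        return 200, self.profiles[info["sub"]]

def run_flow():
    """Constructed sample (not real EmpowerID data): one registered client, one resource owner."""
    auth = AuthorizationServer({"app1": {"secret": "s3cret", "redirect_uris": {"https://app.example/cb"}}})
    api = ResourceServer(auth, {"alice": {"name": "Alice", "email": "alice@example.com"}})
    code = auth.authorize("app1", "https://app.example/cb", "profile:read", "alice")
    tok = auth.token("app1", "s3cret", code, "https://app.example/cb")
    return api.get_profile(tok), api.get_profile("not-a-token"), code in auth.codes
```

The checks in `token()` are the ones a real Authorization Server must enforce at this step: the code is consumed on first use, and a mismatched client or redirect URI rejects the exchange even when the code itself is valid.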
A basic representation of these entities in an OAuth 2.0 flow is shown below: