OAuth 2.0 and OpenID Connect Flows

OAuth 2.0 and OpenID Connect are industry-standard protocols for authenticating users and for authorizing third-party applications to access Web APIs. The access is granted either on behalf of a resource owner who approves it, or directly to the application itself when it calls those APIs in its own right.

In OAuth 2.0, the entities involved in this exchange include the following:

  • Resource Owner – This is the user who owns the resource or data being requested by the application, such as their profile information.

  • Client Application – This is the application that is requesting the user's data. To call EmpowerID APIs, this application must be registered in EmpowerID.

  • Authorization Server – This is the identity store that knows about the resource owner and can verify their identity and issue tokens to authorize access to the requested resources.

  • Access Token – This is the key issued by the Authorization Server that allows the client application to access the requested resources on the resource server.

  • Resource Server – This is the API endpoint or server where the user's resources live.

A basic representation of these entities in an OAuth 2.0 flow is shown below:
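The following script is an added example that walks the five entities above through one authorization code flow; it is not EmpowerID code, and the client id, secret, redirect URI, user and profile data are all made up. The three roles are plain Python objects that exchange dictionaries instead of HTTP requests, so the script runs offline. It shows the checks each party performs: the Authorization Server only serves registered clients with a matching redirect URI, issues single-use codes, and requires the client secret before handing out an Access Token; the Resource Server validates the token with the Authorization Server (introspection, in the style of RFC 7662) and enforces scope before releasing the Resource Owner's data.

```python
"""Toy simulation of the OAuth 2.0 roles: Resource Owner, Client Application,
Authorization Server, Access Token and Resource Server.

Added example, not EmpowerID code. Every identifier below is constructed.
"""
import secrets
import time
from dataclasses import dataclass, field


@dataclass
class AuthorizationServer:
    # Registered client applications: client_id -> (client_secret, redirect_uri)
    clients: dict = field(default_factory=dict)
    _codes: dict = field(default_factory=dict)   # code -> (client_id, user, scope)
    _tokens: dict = field(default_factory=dict)  # access_token -> (user, scope, expiry)

    def register_client(self, client_id, client_secret, redirect_uri):
        self.clients[client_id] = (client_secret, redirect_uri)

    def authorize(self, client_id, redirect_uri, scope, user, approved):
        """The Resource Owner (user) approves or denies the client's request.
        Returns a short-lived, single-use authorization code on approval."""
        if client_id not in self.clients:
            raise PermissionError("unregistered client")
        if self.clients[client_id][1] != redirect_uri:
            raise PermissionError("redirect_uri does not match registration")
        if not approved:
            raise PermissionError("access_denied")
        code = secrets.token_urlsafe(16)
        self._codes[code] = (client_id, user, scope)
        return code

    def token(self, client_id, client_secret, code, lifetime=3600):
        """Exchange the code for an Access Token. The code is consumed even on
        failure, so a replayed code can never succeed."""
        entry = self._codes.pop(code, None)
        if entry is None or entry[0] != client_id:
            raise PermissionError("invalid_grant")
        if self.clients[client_id][0] != client_secret:
            raise PermissionError("invalid_client")
        access_token = secrets.token_urlsafe(32)
        self._tokens[access_token] = (entry[1], entry[2], time.time() + lifetime)
        return access_token

    def introspect(self, access_token):
        """Called by the Resource Server to check a token (RFC 7662 style)."""
        entry = self._tokens.get(access_token)
        if entry is None or entry[2] < time.time():
            return {"active": False}
        return {"active": True, "sub": entry[0], "scope": entry[1]}


class ResourceServer:
    """Holds the protected resource (user profiles) and trusts only tokens the
    Authorization Server confirms as active with the required scope."""

    def __init__(self, auth_server, profiles):
        self.auth_server = auth_server
        self.profiles = profiles  # user -> profile data

    def get_profile(self, access_token):
        info = self.auth_server.introspect(access_token)
        if not info["active"]:
            raise PermissionError("invalid_token")
        if "profile" not in info["scope"].split():
            raise PermissionError("insufficient_scope")
        return self.profiles[info["sub"]]


def run_flow(approved=True):
    """Run one complete flow and return the resource the client obtained."""
    auth = AuthorizationServer()
    auth.register_client("app123", "s3cret", "https://app.example/cb")  # constructed
    api = ResourceServer(auth, {"alice": {"name": "Alice", "email": "alice@example.com"}})
    # 1. Client sends the Resource Owner to the Authorization Server; the user decides.
    code = auth.authorize("app123", "https://app.example/cb", "profile", "alice", approved)
    # 2. Client exchanges the code (plus its secret) for an Access Token.
    token = auth.token("app123", "s3cret", code)
    # 3. Client presents the Access Token to the Resource Server.
    return api.get_profile(token)


if __name__ == "__main__":
    print(run_flow())
```

Calling `run_flow()` returns Alice's profile; `run_flow(approved=False)` raises `PermissionError("access_denied")` because the Resource Owner never consented, and presenting the same code to `token()` twice fails on the second attempt.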