Table F-1 OAuth Roles

| Role | Description |
|---|---|
| Resource Owner | The owner of a protected resource who can grant access to the resource. A user of a printer is a resource owner who can grant access to the printer app to print a document. |
| Resource Server | Hosts the protected resources. It accepts and responds to requests by using Access tokens. |
| Client | An application that requests access to protected resources on behalf of the resource owner with the resource owner's authorization. A client application, for example, can be a gaming application. |
| Authorization Server | Generates Access tokens for a client application after authenticating the resource owner and obtaining authorization from the resource owner. The authorization server in Access Manager is Identity Server. |

Table F-2 OAuth Credentials and Tokens

| OAuth Credential and Token | Description |
|---|---|
| ID Token JSON Web Token (JWT) | Contains a user’s claims such as identity, email address, and other profile information. It also specifies the issuing authority. |
| Access Token (JWT) | Required to access protected resources. Contains the attributes, such as scope, claims and duration, that are granted by the authorization server. |
| Refresh Token (JWT) | Used to obtain access tokens. The authorization server issues a Refresh token to the client application. Client applications use this token to obtain a new Access token when the current Access token expires or is no longer valid. |
| Client Key and Secret | A client application uses a client key to identify itself to a service provider. A client application uses the client secret to establish the ownership of the client key. The authorization server assigns a key and a secret to a client application while registering it. |

Table F-3 OAuth Endpoints

| Endpoint | Description |
|---|---|
| Authorization Endpoint | Client applications use this endpoint to interact with the resource owner and obtain an authorization grant. It is located on an authorization server. |
| Token Endpoint | Client applications use this endpoint to obtain an Access token by providing their authorization grant or Refresh token. It is also located on an authorization server. |