OAuth defines four roles:

resource owner
   An entity capable of granting access to a protected resource.
   When the resource owner is a person, it is referred to as an

resource server
   The server hosting the protected resources, capable of accepting
   and responding to protected resource requests using access tokens.

client
   An application making protected resource requests on behalf of the
   resource owner and with its authorization. The term "client" does
   not imply any particular implementation characteristics (e.g.,
   whether the application executes on a server, a desktop, or other

authorization server
   The server issuing access tokens to the client after successfully
   authenticating the resource owner and obtaining authorization.

The authorization server may be the same server as the resource
server or a separate entity. A single authorization server may issue
access tokens accepted by multiple resource servers.
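
The four roles above, modelled in memory as an added example (not part of the original text): one authorization server issues a token that two resource servers accept. The `lookup` validation hook, the opaque token format, and all names and credentials are assumptions constructed for illustration.

```python
import secrets


class AuthorizationServer:
    """Issues access tokens once the resource owner has authenticated and authorized."""

    def __init__(self, owner_passwords):
        self._owner_passwords = owner_passwords  # constructed sample credentials
        self._grants = {}                        # access token -> (owner, client_id)

    def authorize(self, owner, password, client_id):
        # Called by the resource owner: authenticate, then issue a token for the client.
        stored = self._owner_passwords.get(owner, "")
        if not stored or not secrets.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("resource owner authentication failed")
        token = secrets.token_urlsafe(32)
        self._grants[token] = (owner, client_id)
        return token

    def lookup(self, token):
        # Hypothetical validation hook used by resource servers in this example.
        return self._grants.get(token)


class ResourceServer:
    """Hosts protected resources and answers requests that carry an access token."""

    def __init__(self, auth_server, resources):
        self._auth_server = auth_server
        self._resources = resources              # owner -> protected resource

    def get(self, token):
        grant = self._auth_server.lookup(token)
        if grant is None:
            raise PermissionError("invalid access token")
        owner, _client_id = grant
        return self._resources[owner]


def run_demo():
    auth = AuthorizationServer({"alice": "constructed-password"})
    photos = ResourceServer(auth, {"alice": "alice-photos"})
    contacts = ResourceServer(auth, {"alice": "alice-contacts"})
    # The resource owner authorizes the client at the authorization server;
    # the client only ever holds the resulting access token.
    token = auth.authorize("alice", "constructed-password", client_id="print-app")
    results = [photos.get(token), contacts.get(token)]  # one token, two resource servers
    try:
        photos.get("forged-token")
    except PermissionError as exc:
        results.append(str(exc))
    return results
```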