OAuth2: short summarized overview

Background

  • Authenticating a third-party application with credentials
  • credentials (passwords) must be stored in third-party application
  • no restriction of third-party application access – because of credentials

Roles

  • Resource owner: entity granting access to a resource, could be an end-user
  • Resource server: providing the protected resource (data), accepting
  • Client application: e.g. an application making
  • Authorization server: authorizing the client application to access the resource data by issuing

Continue reading “OAuth2: short summarized overview”