54 OAuth 2.0

The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.

OAuth 2.0 defines the following roles:

  • Client - The third-party app (running on a mobile device or in a browser) that makes requests to the resource server for protected resources on behalf of the resource owner. The resource owner must give the app permission to access the protected resources.
  • Resource owner - The person who is capable of granting access to a protected resource.
  • Resource server - The server that hosts the protected resources. It requires authorization before it will serve protected resources to the app.
  • Authorization server - The authorization server is implemented in compliance with the OAuth 2.0 specification, and it is responsible for validating authorization grants and issuing the access tokens that give the app access to the user's data on the resource server.
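
The four roles above in a single authorization-code exchange, as an added example that is not part of the original documentation. The class names, client ID, redirect URI and scopes are constructed, and all state is held in memory for illustration.

```python
import secrets
import time

class AuthorizationServer:
    """Validates authorization grants and issues access tokens (names are constructed)."""
    def __init__(self):
        self.clients = {}  # client_id -> (secret, redirect_uri, allowed scopes)
        self.codes = {}    # one-time authorization code -> grant details
        self.tokens = {}   # access token -> (owner, scopes, expiry)

    def register_client(self, client_id, secret, redirect_uri, scopes):
        self.clients[client_id] = (secret, redirect_uri, set(scopes))

    def approve(self, owner, client_id, redirect_uri, scopes):
        """Resource owner approves the client's request; returns an authorization code."""
        _, registered_uri, allowed = self.clients[client_id]
        if redirect_uri != registered_uri or not set(scopes) <= allowed:
            raise PermissionError("redirect URI or scope not registered for client")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (owner, client_id, redirect_uri, set(scopes))
        return code

    def exchange(self, code, client_id, secret, redirect_uri, ttl=300):
        """Client redeems the code for an access token; the code is single-use."""
        grant = self.codes.pop(code, None)
        registered = self.clients.get(client_id)
        if grant is None or registered is None:
            raise PermissionError("invalid grant")
        if not secrets.compare_digest(secret, registered[0]):
            raise PermissionError("invalid client")
        if grant[1:3] != (client_id, redirect_uri):
            raise PermissionError("invalid grant")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (grant[0], grant[3], time.time() + ttl)
        return token

class ResourceServer:
    """Serves a protected resource only for a live token carrying the needed scope."""
    def __init__(self, auth_server, data):
        self.auth_server, self.data = auth_server, data

    def get(self, token, scope):
        owner, scopes, expiry = self.auth_server.tokens.get(token, (None, set(), 0))
        if owner is None or time.time() >= expiry or scope not in scopes:
            raise PermissionError("access denied")
        return self.data[owner][scope]
```

The token grants only the scopes the resource owner approved, so a request for any other resource is refused even though the token itself is valid.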

The following administrative tasks must be performed as part of OAuth server setup:
  • Identity Domain Definition
  • Resource Server Definition
  • Client Definition