OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. This specification and its extensions are being developed within the IETF OAuth Working Group.
The parties that communicate with each other in the OAuth 2.0 protocol are as follows:
- Resource owner
- Client Application
- Authorization Server
- Resource Server
Resource Owner: The person or application that owns the data in a system. For example, the tweets, pictures or videos you share after logging into your Twitter account are your own data, and you are the Resource Owner here.
Client Application: The application that accesses the data owned by the Resource Owner. If you want to show your tweets on your personal blog page, your blog needs to access the Resource Server that holds them, that is, the Twitter servers. In this case, the Client is your personal blog.
Authorization Server: The server that authorizes the applications registered as Client Applications. When you want to pull your tweets into your personal blog page, the Twitter servers must recognize your blog page, so you must first register your page's address information on the Twitter servers.
Then, when a request is sent from your page to the Twitter servers, your application is authorized. The Twitter servers that perform this verification and authorization are the Authorization Server in the OAuth 2.0 protocol.
Resource Server: The place where the protected data to be accessed is kept. For example, the API endpoints that serve the tweets you want to fetch and post on your personal blog are the Resource Server.
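The exchange between the four parties described above, as an added example that is not part of the original post: a client (the blog) that was registered with a redirect address, an authorization server that checks that registration before issuing a single-use code and a token, and a resource server that validates the token's scope before returning the owner's tweets. All client ids, URLs, scope names and data are constructed for the example; a real deployment would validate tokens by introspection or signature rather than by direct dictionary lookup.

```python
import secrets
from dataclasses import dataclass, field

# Constructed registration data: the client (the personal blog) was registered
# with the authorization server, which saved its redirect address (hypothetical URL).
REGISTERED_CLIENTS = {"blog-client-id": "https://blog.example/oauth/callback"}

# The resource owner's protected data held by the resource server (constructed sample).
TWEETS = {"alice": ["first tweet", "second tweet"]}


@dataclass
class AuthorizationServer:
    """Checks the client's registration and issues authorization codes and tokens."""
    codes: dict = field(default_factory=dict)   # code -> (client_id, owner, scope)
    tokens: dict = field(default_factory=dict)  # token -> (owner, scope)

    def authorize(self, client_id, redirect_uri, owner, scope):
        # Only the redirect address saved at registration is accepted, so a code is
        # never sent to an address the client did not register.
        if REGISTERED_CLIENTS.get(client_id) != redirect_uri:
            raise PermissionError("unknown client or redirect_uri mismatch")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, owner, scope)
        return code

    def token(self, client_id, code):
        # The code is single-use and bound to the client that obtained it.
        entry = self.codes.pop(code, None)
        if entry is None or entry[0] != client_id:
            raise PermissionError("invalid or already used code")
        _, owner, scope = entry
        access_token = secrets.token_urlsafe(24)
        self.tokens[access_token] = (owner, scope)
        return access_token


def resource_server_get_tweets(auth_server, access_token):
    """Resource server: validates the bearer token and its scope before returning data
    (direct lookup stands in for token introspection to keep the example in one process)."""
    owner, scope = auth_server.tokens.get(access_token, (None, None))
    if owner is None or "tweets.read" not in scope:
        raise PermissionError("token missing or insufficient scope")
    return TWEETS[owner]


def blog_fetches_tweets(owner="alice"):
    """Client application: runs the whole exchange and returns the owner's tweets."""
    auth = AuthorizationServer()
    code = auth.authorize("blog-client-id", REGISTERED_CLIENTS["blog-client-id"], owner, {"tweets.read"})
    token = auth.token("blog-client-id", code)
    return resource_server_get_tweets(auth, token)
```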
You can find more detailed information on these topics on our blog.