Advanced API Security: Securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE by

As discussed in the last section of Chapter 5, OAuth 1.0 was the first step toward the standardization of identity delegation. OAuth involves three parties in an identity delegation transaction. The delegator, also known as the user, assigns access to his or her resources to a third party. The delegate, also known as the consumer, accesses a resource on behalf of its user. The application that hosts the actual resource is known as the service provider. This terminology was introduced in the first release of the OAuth 1.0 specification under oauth.net. It changed a bit when the OAuth specification was brought into the IETF ...