OAuth 2.0 is a widely accepted open standard for authorization that lets a user grant a third-party client application access to protected resources on the user's behalf.
So, what does this mean?
Let's start with sorting out the concepts used:
- Resource owner: The end user.
- Client: The third-party client application, for example, a web app or a native mobile app, that wants to call some protected APIs on behalf of the end user.
- Resource server: The server that exposes the APIs that we want to protect.
- Authorization server: The authorization server issues tokens to the client after the resource owner, that is, the end user, has been authenticated. The management of user information and the authentication ...
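To make the four roles concrete, here is an added, self-contained simulation of how they interact; it is example code written for this page, not code from the original text or from any real authorization server. Everything is in-memory and constructed: the user `alice`, the client `web-app`, the scope names `read:profile` and `write:profile`, and the class and method names are all assumptions. The resource owner authenticates directly with the authorization server (the client never sees the password), the authorization server issues an opaque token limited to the scopes the client is registered for and the user consented to, and the resource server accepts a call only after validating that token.

```python
"""Toy OAuth 2.0 role simulation (constructed example, not a real implementation):
resource owner, client, authorization server and resource server, all in-memory."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Token:
    value: str          # opaque bearer token handed to the client
    subject: str        # the resource owner it was issued for
    client_id: str      # the client it was issued to
    scopes: frozenset   # what the resource owner consented to, within the client's registration
    expires_at: float   # Unix time after which the token is rejected


class AuthorizationServer:
    """Authenticates resource owners and issues tokens to registered clients."""

    def __init__(self):
        self._users = {}     # username -> (salt, PBKDF2 hash); no plaintext passwords stored
        self._clients = {}   # client_id -> scopes the client is allowed to request
        self._sessions = {}  # session id -> username, created when the user logs in
        self._tokens = {}    # token value -> Token

    def register_user(self, username, password):
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self._users[username] = (salt, digest)

    def register_client(self, client_id, allowed_scopes):
        self._clients[client_id] = frozenset(allowed_scopes)

    def login(self, username, password):
        """Resource owner authenticates; returns a session id or None on failure."""
        record = self._users.get(username)
        if record is None:
            return None
        salt, stored = record
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(candidate, stored):
            return None
        session_id = secrets.token_urlsafe(16)
        self._sessions[session_id] = username
        return session_id

    def issue_token(self, session_id, client_id, requested, consented, ttl=3600):
        """Issue a token to the client for the authenticated user's consented scopes."""
        username = self._sessions.get(session_id)
        if username is None:
            raise PermissionError("resource owner is not authenticated")
        allowed = self._clients.get(client_id)
        if allowed is None:
            raise PermissionError("unknown client")
        requested = frozenset(requested)
        granted = requested & frozenset(consented) & allowed
        if granted != requested:
            raise PermissionError("requested scopes exceed client registration or user consent")
        token = Token(secrets.token_urlsafe(32), username, client_id, granted, time.time() + ttl)
        self._tokens[token.value] = token
        return token

    def introspect(self, value):
        """Return the Token for a valid, unexpired bearer value, else None."""
        token = self._tokens.get(value)
        if token is None or token.expires_at <= time.time():
            return None
        return token


class ResourceServer:
    """Exposes a protected API; accepts a call only with a valid token carrying the right scope."""

    def __init__(self, auth_server, profiles):
        self._auth = auth_server
        self._profiles = profiles  # username -> profile data (constructed sample data)

    def get_profile(self, bearer):
        token = self._auth.introspect(bearer)
        if token is None:
            raise PermissionError("invalid or expired token")
        if "read:profile" not in token.scopes:
            raise PermissionError("insufficient scope")
        return self._profiles[token.subject]


def demo():
    """Walk through the roles end to end and return what the client receives."""
    auth = AuthorizationServer()
    auth.register_user("alice", "correct horse battery staple")          # constructed user
    auth.register_client("web-app", {"read:profile", "write:profile"})    # constructed client
    api = ResourceServer(auth, {"alice": {"name": "Alice", "email": "alice@example.com"}})
    session = auth.login("alice", "correct horse battery staple")         # owner authenticates
    token = auth.issue_token(session, "web-app", {"read:profile"}, {"read:profile"})
    return api.get_profile(token.value)                                   # client calls the API


if __name__ == "__main__":
    print(demo())
```

The checks in `issue_token` are where the roles meet: the token is bounded by three things at once, the user's authentication, the client's registration, and the user's consent, and the resource server trusts none of them directly, only the token it can introspect.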