iam:oauth:authorization

About

The Authorization Server in Oauth is one of the 4 oauth roles.

It's the server issuing access tokens to the client after successfully authenticating the resource owner and obtaining authorization.

Implementation

The authorization server may be:

the same server as the resource server
or a separate entity.

The interaction between the authorization server and resource server is beyond the scope of the Oauth specification.

The authorization server SHOULD NOT make assumptions about the client type.

The authorization server MUST first verify the identity of the resource owner. The way in which the authorization server authenticates the resource owner (e.g., username and password login, session cookies, …) is beyond the scope of the Oauth specification.

Endpoint

/authorize - Authorization endpoint - used by the client to obtain authorization from the resource owner via user-agent redirection.
/oauth/token - Token endpoint - used by the client to exchange an authorization grant for an access token, typically with client authentication.

Library / Software

See What are Identity and Access Management Services (IAM)? ie Authentication and Authorization

Table of Contents

About

Endpoint

Library / Software