What is an Authorization Server in OAuth?


About

The authorization server is one of the four OAuth roles.

It is the server that issues access tokens to the client after successfully authenticating the resource owner and obtaining authorization.

Implementation

The authorization server may be:

The interaction between the authorization server and resource server is beyond the scope of the OAuth specification.

The authorization server SHOULD NOT make assumptions about the client type.

The authorization server MUST first verify the identity of the resource owner. The way in which the authorization server authenticates the resource owner (e.g., username and password login, session cookies, …) is beyond the scope of the OAuth specification.
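The ordering described above (authenticate the resource owner, obtain authorization, then issue the access token) can be modelled as follows. This is an added example, not code from this page or from any OAuth library; the class, method and parameter names are hypothetical, the resource-owner check is an injected callable because the authentication method is out of scope, and the single-use grant handle is a choice of this example.

```python
import secrets
import time

class AuthorizationError(Exception):
    """A precondition for issuing an access token was not met."""

class AuthorizationServer:
    """In-memory model of the issuing order; every name here is hypothetical."""

    def __init__(self, verify_owner, token_ttl=300):
        self._verify_owner = verify_owner  # callable(credentials) -> owner id or None
        self._sessions = {}  # session id -> authenticated resource owner
        self._grants = {}    # grant handle -> (owner, client_id, scope)
        self._tokens = {}    # access token -> (owner, client_id, scope, expiry)
        self._ttl = token_ttl

    def authenticate(self, credentials):
        # Step 1: verify identity; the method is deployment-specific, hence the callable.
        owner = self._verify_owner(credentials)
        if owner is None:
            raise AuthorizationError("resource owner authentication failed")
        session_id = secrets.token_urlsafe(16)
        self._sessions[session_id] = owner
        return session_id

    def authorize(self, session_id, client_id, scope, approved):
        # Step 2: only an authenticated resource owner can grant authorization.
        owner = self._sessions.get(session_id)
        if owner is None:
            raise AuthorizationError("resource owner not authenticated")
        if not approved:
            raise AuthorizationError("resource owner denied the request")
        grant = secrets.token_urlsafe(16)
        self._grants[grant] = (owner, client_id, scope)
        return grant

    def issue_token(self, grant, client_id):
        # Step 3: a grant is single-use (pop) and bound to the client it was given to.
        record = self._grants.pop(grant, None)
        if record is None or record[1] != client_id:
            raise AuthorizationError("invalid grant")
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (*record, time.time() + self._ttl)
        return token

    def introspect(self, token):
        # (owner, client_id, scope) for a live token, otherwise None.
        record = self._tokens.get(token)
        return record[:3] if record and record[3] > time.time() else None
```
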

Endpoint

Library / Software

See What are Identity and Access Management Services (IAM)? ie Authentication and Authorization




