OAuth 2.0 - Terminology


Following is the explanation of OAuth 2.0 terms −


Authentication

Authentication is the process of identifying an individual, usually based on a username and password. It establishes that the user is the owner of the account, whether on the web or on a desktop computer.

Federated Authentication

Many applications have their own usernames and passwords, while some depend on other services to verify the user's identity. A federated identity management system provides single access to multiple systems; this is known as federated authentication.


Authorization

Authorization is the process of granting someone permission to do something. It requires a valid identification of the user in order to check whether that user is authorized.

Delegated Authorization

Delegated authorization is the process of giving one's credentials to another user so that they can perform some actions on behalf of the original user.


OAuth defines the following roles −

  • Resource Owner
  • Client Application
  • Resource Server
  • Authentication Server

The roles are illustrated in the following figure −

  • Resource Owner − The resource owner is an entity with the ability to grant access to its own data hosted on the resource server. When the resource owner is a person, it is called the end-user.

  • Client Application − The client is an application that makes protected resource requests to perform actions on behalf of the resource owner.

  • Resource Server − The resource server is the API server that hosts the user's information. It accepts and responds to protected resource requests, using access tokens to decide whether to grant them.

  • Authentication Server − The authentication server obtains permission from the resource owner and issues access tokens to clients, which use them to access protected resources hosted by the resource server.
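To make the four roles and the delegated-authorization idea concrete, here is an added example that is not part of the original page: a toy in-memory model in which the resource owner consents, the server this page calls the Authentication Server (RFC 6749 names it the authorization server) issues a one-time code and then a scoped, expiring access token, and the resource server releases data only against a valid token. The client never receives the owner's password, which is the point of delegating authorization rather than handing over credentials. All names, scopes, tokens and data values are constructed for illustration.

```python
# Added illustration of the OAuth 2.0 roles; not code from the original page.
import secrets
import time
from dataclasses import dataclass


@dataclass
class Token:
    value: str
    owner: str          # resource owner the token was issued for
    client_id: str
    scopes: frozenset
    expires_at: float


class AuthorizationServer:
    """Records the owner's consent and issues short-lived, scoped access tokens."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self.clients = set()        # registered client ids (constructed)
        self.pending_codes = {}     # one-time authorization codes
        self.tokens = {}            # access token value -> Token

    def register_client(self, client_id):
        self.clients.add(client_id)

    def authorize(self, owner, client_id, requested_scopes):
        """Resource owner consents: issue a code bound to owner, client and scopes."""
        if client_id not in self.clients:
            raise PermissionError("unknown client")
        code = secrets.token_urlsafe(16)
        self.pending_codes[code] = (owner, client_id, frozenset(requested_scopes))
        return code

    def exchange_code(self, code, client_id):
        """Client redeems the code for an access token; the code is single-use."""
        entry = self.pending_codes.pop(code, None)
        if entry is None or entry[1] != client_id:
            raise PermissionError("invalid or already-used code")
        owner, _, scopes = entry
        token = Token(secrets.token_urlsafe(24), owner, client_id, scopes,
                      time.time() + self.ttl)
        self.tokens[token.value] = token
        return token

    def introspect(self, value):
        """Return the Token for a live access token, or None if unknown/expired."""
        tok = self.tokens.get(value)
        if tok is None or tok.expires_at <= time.time():
            return None
        return tok


class ResourceServer:
    """Holds the owner's data; serves it only against a valid token with the right scope."""

    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.data = {}  # owner -> {resource name: value}

    def store(self, owner, name, value):
        self.data.setdefault(owner, {})[name] = value

    def read(self, token_value, name, required_scope):
        tok = self.auth_server.introspect(token_value)
        if tok is None:
            raise PermissionError("invalid or expired token")
        if required_scope not in tok.scopes:
            raise PermissionError(f"token lacks scope {required_scope!r}")
        return self.data[tok.owner][name]


def run_flow():
    """Walk the four roles through one delegated-authorization exchange."""
    auth = AuthorizationServer(ttl_seconds=60)
    api = ResourceServer(auth)
    api.store("alice", "email", "alice@example.test")     # constructed owner data
    api.store("alice", "contacts", ["bob", "carol"])

    # The client registers; the owner grants it read access to contacts only.
    auth.register_client("calendar-app")
    code = auth.authorize("alice", "calendar-app", ["contacts:read"])
    token = auth.exchange_code(code, "calendar-app")

    results = {"contacts": api.read(token.value, "contacts", "contacts:read")}
    try:
        api.read(token.value, "email", "email:read")      # outside granted scope
        results["email_blocked"] = False
    except PermissionError:
        results["email_blocked"] = True
    try:
        auth.exchange_code(code, "calendar-app")           # code replay
        results["replay_blocked"] = False
    except PermissionError:
        results["replay_blocked"] = True
    return results


if __name__ == "__main__":
    print(run_flow())
```

Running the module prints the contacts list, a refused out-of-scope read, and a refused second use of the authorization code; the expiry check in `introspect` is what turns a leaked token into a bounded problem rather than a permanent one.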