The web server is a computer system that delivers the web pages to the users by using HTTP. The client ID and password is stored on the web application server, whenever the application wants to access the resource server. The client ID and password which is stored on the web application server is intended to be kept secret.
The following figure depicts the Confidential Client Web Application Server −
In the above figure, the resource owner allows the confidential client to access the data that is hosted on the resource server, where client ID and password are kept confidential on the server.
The client ID and password is unique to the client application on the authorization server.
The resource server is a server, which hosts the resources such as Facebook, Twitter, Google, etc. These resources are stored on the resource server and are accessed by the client application and the resource owner owns these resources.
The resources of the resource owner are then accessed by the authorization server using confidential client web application.