OAuth is designed for distributed systems that consist of several actors with distinct roles. Just like the actors in a movie play specific roles so the story can evolve, each actor in an OAuth flow takes on a specific role in the overall OAuth solution. The following actors can be found in all OAuth-based interactions:

  • OAuth Provider (also known as OAuth server or authorization server)
  • Resource Provider (usually a set of web APIs)
  • Resource Owner (also known as user)
  • Client (usually a cloud app or mobile app)

Understanding each OAuth actor will help you to map the OAuth concepts to the components in your specific software project.

Which Actors are involved in OAuth Flows?