OAuth is designed for distributed systems that consist of several actors with distinct roles. Just like the actors in a movie play specific roles so the story can evolve, each actor in an OAuth flow takes on a specific role in the overall OAuth solution. The following actors can be found in all OAuth-based interactions:

  • OAuth Provider (also known as OAuth server or authorization server)
  • Resource Provider (usually a set of web APIs)
  • Resource Owner (also known as user)
  • Client (usually a cloud app or mobile app)

Understanding each OAuth actor will help you to map the OAuth concepts to the components in your specific software project.
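The four roles in one simplified, in-memory authorization code exchange, as an added example that is not part of the original article. The class names, the `photos.read` scope, and the sample user, client and URL are constructed assumptions, and there is no HTTP layer.

```python
import secrets

class OAuthProvider:
    """Authorization server: authenticates the resource owner, issues codes and tokens."""
    def __init__(self, users, clients):
        self.users, self.clients = users, clients   # constructed sample data
        self.codes, self.tokens = {}, {}

    def authorize(self, username, password, client_id, redirect_uri, scope):
        client = self.clients.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            raise PermissionError("unknown client or unregistered redirect_uri")
        # The resource owner authenticates here, never at the client.
        if username not in self.users or self.users[username] != password:
            raise PermissionError("resource owner authentication failed")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, username, scope)
        return code

    def token(self, client_id, client_secret, code):
        client = self.clients.get(client_id)
        if client is None or client["secret"] != client_secret:
            raise PermissionError("client authentication failed")
        bound_client, username, scope = self.codes.pop(code, (None, None, None))  # one-time use
        if bound_client != client_id:
            raise PermissionError("invalid or replayed authorization code")
        access_token = secrets.token_urlsafe(24)
        self.tokens[access_token] = {"sub": username, "scope": scope}
        return access_token

    def introspect(self, access_token):
        return self.tokens.get(access_token)

class ResourceProvider:
    """Web API: serves data only for tokens the OAuth provider vouches for."""
    def __init__(self, provider, photos):
        self.provider, self.photos = provider, photos

    def get_photos(self, access_token):
        grant = self.provider.introspect(access_token)
        if not grant or "photos.read" not in grant["scope"].split():
            raise PermissionError("missing or insufficient token")
        return self.photos[grant["sub"]]

def run_flow():
    """Client obtains the resource owner's photos without ever seeing her password."""
    client = {"redirect_uri": "https://app.example/cb", "secret": "s3cret"}
    provider = OAuthProvider({"alice": "pw"}, {"app": client})
    api = ResourceProvider(provider, {"alice": ["cat.jpg"]})
    code = provider.authorize("alice", "pw", "app", client["redirect_uri"], "photos.read")
    token = provider.token("app", "s3cret", code)
    return provider, api, code, token, api.get_photos(token)
```

The client only ever holds the authorization code and the access token; the resource provider decides access from what the OAuth provider reports about that token.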

Which Actors are involved in OAuth Flows?

Matthias Biehl

As an API strategist, Matthias helps clients discover their opportunities for innovation with APIs & ecosystems and turn them into actionable digital strategies. Based on his experience in leading large-scale API initiatives in both business and technology roles, he shares best practices and provides both strategic and practical guidance. He has stayed a techie at heart and at some point got a Ph.D. Matthias publishes a blog at api-university.com, is the author of several books on APIs, and regularly speaks at technology conferences.