OAuth is designed for distributed systems that consist of several actors with distinct roles. Just like the actors in a movie play specific roles so the story can evolve, each actor in an OAuth flow takes on a specific role in the overall OAuth solution. The following actors can be found in all OAuth-based interactions:
- OAuth Provider (also known as OAuth server or authorization server)
- Resource Provider (usually a set of web APIs)
- Resource Owner (also known as user)
- Client (usually a cloud app or mobile app)

Understanding each OAuth actor will help you to map the OAuth concepts to the components in your specific software project.