Resource Owner

The Resource Owner is an OAuth entity capable of granting access to a resource. When the resource owner is a person, it is referred to as an end-user. The resource owner is always a user account. Client An application making resource requests on behalf of the user (also called the resource owner) with the user's authorization.

Resource Server

Resource Server is an OAuth term referring to the server hosting resources.

Authorization Server

The Authorization Server is an OAuth term referring to the server handling authentication and authorization an providing the client with access tokens for access to resources.

Authorization Request

An Authorization Request is an OAuth request from a client to access a resource. It consists of an HTTP POST message identifying the client and providing credentials for authorization.

Authorization Grant

The Authorization Grant is an OAuth credential representing the resource owner's authorization to access a resource. It consists of either user login credentials or a refresh token.

Access Token

An Access Token is a secure string used in OAuth to provide a client with access to resources. The access token is issued to to clients that have a valid authorization grant.

Refresh Token

The Refresh Token is an OAuth method to provide clients with a new access token without repeated authorization. Typically, the refresh token is issued to the client when it first acquires an access token, and has much longer lifespan than the access token.