Overview#OAuth 2.0 Actors are defined within the OAuth 2.0 RFCs
- Resource Owner - The End-User aka Subject - The Entity that is Delegating to an OAuth Client, access to a Resource Server.
- OAuth Client - An application that is a Relying Party that is requesting Authorization to act on the Resource Owner’s behalf to access the resources.
- Authorization Server (AS) - The Entity (STS) issuing Access Tokens and Refresh Tokens.
- Resource Server - The Entity hosting the Protected Resources. (Which may be an Application Programming Interface or API)