LDAPWiki: Abstract Protocol Flow

Overview#

The Abstract Protocol Flow is an Abstract OAuth 2.0 Protocol Flow and is illustrated as:

     +--------+                               +---------------+
     |        |--(A)- Authorization Request ->|   Resource    |
     |        |                               |     Owner     |
     |        |<-(B)-- Authorization Grant ---|               |
     |        |                               +---------------+
     |        |
     |        |                               +---------------+
     |        |--(C)-- Authorization Grant -->| Authorization |
     | Client |                               |     Server    |
     |        |<-(D)----- Access Token -------|               |
     |        |                               +---------------+
     |        |
     |        |                               +---------------+
     |        |--(E)----- Access Token ------>|    Resource   |
     |        |                               |     Server    |
     |        |<-(F)--- Protected Resource ---|               |
     +--------+                               +---------------+

The interaction between the four roles and includes the following steps:

(A) The OAuth Client requests authorization from the Resource Owner. The authorization request can be made directly to the Resource Owner (as shown), or preferably indirectly via the Authorization Server as an intermediary.
(B) The OAuth Client receives an Authorization Grant, which is a credential representing the resource owner's authorization, expressed using one of four grant types defined in this specification or using an extension grant type. The authorization grant type depends on the method used by the OAuth Client to request authorization and the types supported by the Authorization Server.
(C) The OAuth Client requests an access token by authenticating with the Authorization Server and presenting the Authorization Grant.
(D) The Authorization Server Authenticates the OAuth Client and validates the Authorization Grant, and if valid, issues an Access Token.
(E) The OAuth Client requests the protected resource from the Resource Server and Authenticates by presenting the Access Token.
(F) The Resource Server validates the Access Token, and if valid, serves the request.

The preferred method for the client to obtain an Authorization Grant from the Resource Owner (depicted in steps (A) and (B)) is to use the Authorization Server as an intermediary.

More Information#

There might be more information for this subject on one of the following:

Grant Types

[#1] - The OAuth 2.0 Authorization Framework - based on data observed:2015-05-18