Joseba Juániz edited this page Sep 15, 2015 · 9 revisions

Here we briefly review some of the terms used in the OAuth2 module documentation.

Glossary

| Term | Description |
| --- | --- |
| Access Token | Access tokens are credentials used to access protected resources. An access token is usually a random string. Access tokens represent specific scopes and duration of access, granted by the resource owner, and enforced by the resource server and authorization server. |
| Authorization Code (or Endpoint) | A code that is used to interact with the resource owner (user) and obtain an authorization code, which is later exchanged for an access token. |
| Authorization Grant (or Grant) | An authorization grant is a method used by the client to obtain an access token. |
| Client | An application making protected resource requests on behalf of the resource owner (the user) and with its authorization. |
| Refresh Token | Refresh tokens are issued to the client by the authorization server and are used to obtain a new access token when the current access token becomes invalid or expires. |
| Resource | An object which can be protected by OAuth2. |
| Resource Owner (User) | The person who is giving access to some portion of their account. |
| Resource Server | The server hosting the protected resources, capable of accepting and responding to protected resource requests using access tokens. |
| Scope | The permissions that are necessary to access protected objects. |

This table has been partially extracted from the OAuth 2.0 Terminology

Would you like to know more?

And, of course, the source of everything:
