A short journey on OAuth2

OAuth2 is an open standard used to protect a resource, known as the protected resource.

Let’s use a flight analogy to understand what OAuth2 is:

Client – The entity that wants to access the protected resource. Here the passenger is the client, who wants access to a trip from Chennai to Pune.

Protected Resource – The flight trip from Chennai to Pune.

Resource Server – An entity capable of authorizing access to a protected resource. Here the airport is the resource server, which decides whether or not to allow passengers onto the trip.

By Value Token/By Reference Token – In order to get through the airport gates, the passenger needs a valid ticket. Here the ticket corresponds to a by-value token (the ticket details are visible) or a by-reference token (an e-ticket, where the details are not visible).

Authorization Server – The entity that issues tokens. Here the ticket machine is the authorization server. Before it issues the ticket, it needs to check with the flight company (the resource owner) on the price and whether or not the passenger is authorized to access the trip.

Resource Owner – The entity capable of authorizing access to a protected resource. Here the flight company is the resource owner, capable of authorizing access to the protected resource.
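The difference between the two ticket types can be shown in code. This is an added example, not part of the original post: it has the "ticket machine" issue a by-value token and a by-reference token, and the "airport" check each one. The class and function names, the HMAC signing scheme and the demo key are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets

# Constructed demo key (assumption): shared by the ticket machine and the airport.
SIGNING_KEY = b"constructed-demo-key"

def _sign(body: bytes) -> str:
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()

class AuthorizationServer:
    """The 'ticket machine': issues both kinds of token."""
    def __init__(self):
        self._issued = {}  # reference -> details, kept only on the server

    def issue_by_value(self, details: dict) -> str:
        # The details travel inside the token, protected by a signature.
        body = base64.urlsafe_b64encode(json.dumps(details).encode())
        return body.decode() + "." + _sign(body)

    def issue_by_reference(self, details: dict) -> str:
        # The token is a random handle; the details never leave the server.
        ref = secrets.token_urlsafe(16)
        self._issued[ref] = details
        return ref

    def lookup(self, ref: str):
        return self._issued.get(ref)

    def revoke(self, ref: str) -> None:
        self._issued.pop(ref, None)

def check_by_value(token: str):
    """Resource server ('airport'): verify locally, no call to the issuer."""
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig.encode(), _sign(body.encode()).encode()):
        return None  # altered or forged ticket
    return json.loads(base64.urlsafe_b64decode(body))

def check_by_reference(token: str, issuer: AuthorizationServer):
    """Resource server: must ask the issuer what the handle stands for."""
    return issuer.lookup(token)

if __name__ == "__main__":
    machine = AuthorizationServer()
    trip = {"passenger": "alice", "trip": "Chennai-Pune"}  # constructed sample
    print(check_by_value(machine.issue_by_value(trip)))
    e_ticket = machine.issue_by_reference(trip)
    machine.revoke(e_ticket)
    print(check_by_reference(e_ticket, machine))  # revoked: lookup now fails
```

Because every by-reference check goes back to the issuer, revoking the handle takes effect at once, while the by-value token is checked without contacting the issuer and anyone holding it can read its details.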