Two-legged OAuth processing involves three parties: an OAuth client, an authorization server,
and a resource server. The OAuth client can be either the resource owner or a trusted entity that
knows the credentials of the resource owner. In other words, two-legged OAuth processing does
not involve extra resource owner interaction.
Two-legged OAuth processing requires a grant type of resource owner password credentials or client
credentials.
The typical flow for two-legged OAuth processing involves the following activities.
1. An OAuth client initiates a request with an authorization server and receives an access
   token.
2. The OAuth client uses the access token to access protected resources on the resource
   server.
The following figure shows the two-legged OAuth processing flow.
Figure 1. Two-legged OAuth processing flow
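The two activities above, as an added example (not from the original page or the product it documents): a minimal in-process authorization server and resource server in Python, covering only the client credentials grant. The client ID, secret, 300-second token lifetime, and all class and function names are constructed for illustration.

```python
import base64, hmac, secrets, time
from urllib.parse import parse_qs

# Constructed client registration (assumption, not from the original page).
CLIENTS = {"batch-job": "s3cr3t-constructed"}

class AuthorizationServer:
    def __init__(self):
        self.tokens = {}  # access token -> (client_id, expiry time)

    def token(self, headers, body, now=None):
        """Token endpoint: authenticate the client, then issue a token."""
        now = time.time() if now is None else now
        scheme, _, cred = headers.get("Authorization", "").partition(" ")
        try:
            cid, _, secret = base64.b64decode(cred).decode().partition(":")
        except ValueError:  # malformed base64 or non-UTF-8 credentials
            cid = secret = ""
        expected = CLIENTS.get(cid, "")
        if (scheme != "Basic" or not expected or
                not hmac.compare_digest(secret.encode(), expected.encode())):
            return 401, {"error": "invalid_client"}
        # Only the client credentials grant is handled; grants that need a
        # separate resource owner step (authorization_code) are refused.
        if parse_qs(body).get("grant_type") != ["client_credentials"]:
            return 400, {"error": "unsupported_grant_type"}
        tok = secrets.token_urlsafe(32)
        self.tokens[tok] = (cid, now + 300)
        return 200, {"access_token": tok, "token_type": "Bearer", "expires_in": 300}

    def introspect(self, tok, now):
        cid, expiry = self.tokens.get(tok, (None, 0))
        return cid if now < expiry else None  # unknown or expired -> None

class ResourceServer:
    def __init__(self, authz):
        self.authz = authz

    def get(self, headers, now=None):
        now = time.time() if now is None else now
        scheme, _, tok = headers.get("Authorization", "").partition(" ")
        cid = self.authz.introspect(tok, now) if scheme == "Bearer" else None
        return (200, f"protected data for {cid}") if cid else (401, "invalid_token")

def basic(cid, secret):
    raw = f"{cid}:{secret}".encode()
    return {"Authorization": "Basic " + base64.b64encode(raw).decode()}

def two_legged_flow(authz, rs, cid, secret, now=None):
    status, resp = authz.token(basic(cid, secret), "grant_type=client_credentials", now)
    if status != 200:
        return status, resp["error"]
    return rs.get({"Authorization": "Bearer " + resp["access_token"]}, now)
```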