Two-legged OAuth processing involves three parties: OAuth
client, authorization server, and resource server. The OAuth client
can be either the resource owner or the trusted entity that knows
about the credentials of the resource owner. In other words, two-legged
OAuth processing does not involve additional resource owner interaction.
Two-legged OAuth processing requires a grant type of either resource owner
password credentials or client credentials.
The typical flow for two-legged OAuth processing involves the following
activities:
1. An OAuth client initiates a request with an authorization server
   and receives an access token.
2. The OAuth client uses the access token to access protected resources
   on the resource server.
The following figure shows the two-legged OAuth processing flow.

Figure 1. Two-legged OAuth processing flow