Setting up OAuth 2.0

Learn how to protect integration services and REST APIs by using the OAuth 2.0 protocol.

What is OAuth 2.0?

The OAuth 2.0 Authorization Framework facilitates the sharing of private resources (data or services) with a third-party client application (client). In an OAuth session, private resources are stored on a resource server and the owner of the resources, or resource owner, grants the client application permission to access them. The resource owner is typically a person; however, in some cases it might be an application. When a resource owner grants permission, the OAuth authorization server issues an access token to the client application. When the client application passes the access token to the resource server, the resource server communicates with the authorization server to validate the token and, if valid, provides access to the resources.

The following example illustrates the roles that are involved in an OAuth session. In the example, Bob is the resource owner who wants to access and print photos that are stored on the PhotoStorage website. This website acts as the resource server. Bob uses the PhotoPrint service, which is the client application. PhotoPrint supplies Bob with an application that runs on Bob's device (phone or laptop), and Bob uses that application to initiate the process. PhotoPrint sends a request to the PhotoStorage authorization server. The authorization server requests authorization from Bob and, once Bob grants it, issues a token to PhotoPrint. PhotoPrint can then present that token to PhotoStorage to access Bob's photos.
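The PhotoPrint scenario above, worked through as an added example (it is not code from the webMethods documentation or product). It simulates all four roles in one process: the authorization server issues an opaque token only after the resource owner consents, the client presents it as a Bearer token, and the resource server validates each request by asking the authorization server (token introspection), as the text describes. The scope name `photos:read`, the client id `photoprint`, the in-memory token store, and the sample photo names are assumptions made for the illustration.

```python
"""Constructed simulation of the OAuth 2.0 roles: resource owner (Bob),
client (PhotoPrint), resource server (PhotoStorage), authorization server.
Names, scopes and sample data are assumptions for illustration only."""
import secrets
import time


class AuthorizationServer:
    """Issues access tokens once the resource owner grants consent and
    answers the resource server's validation (introspection) queries."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable so expiry can be tested deterministically
        self._tokens = {}     # opaque token -> grant record

    def authorize(self, client_id, resource_owner, scope, consent_given, ttl=3600):
        """Return an access token if the owner consented, otherwise None."""
        if not consent_given:
            return None
        token = secrets.token_urlsafe(32)   # unguessable; carries no data itself
        self._tokens[token] = {
            "client_id": client_id,
            "sub": resource_owner,
            "scope": frozenset(scope),
            "exp": self._clock() + ttl,
        }
        return token

    def introspect(self, token):
        """Validate a token on behalf of a resource server (RFC 7662-style reply)."""
        grant = self._tokens.get(token)
        if grant is None or grant["exp"] <= self._clock():
            return {"active": False}
        return {"active": True, **grant}

    def revoke(self, token):
        self._tokens.pop(token, None)


class ResourceServer:
    """PhotoStorage: holds the protected photos and checks the token on every request."""

    def __init__(self, auth_server, photos):
        self._auth = auth_server
        self._photos = photos   # owner -> list of photo names (constructed sample data)

    def get_photos(self, owner, authorization_header):
        scheme, _, token = (authorization_header or "").partition(" ")
        if scheme != "Bearer" or not token:
            return 401, {"error": "invalid_request"}
        info = self._auth.introspect(token)   # ask the authorization server
        if not info["active"]:
            return 401, {"error": "invalid_token"}
        # The token must belong to this owner and carry the scope this API needs.
        if info["sub"] != owner or "photos:read" not in info["scope"]:
            return 403, {"error": "insufficient_scope"}
        return 200, {"photos": list(self._photos.get(owner, []))}


class Client:
    """PhotoPrint: holds the token it was granted and presents it as a Bearer token."""

    def __init__(self, client_id, resource_server):
        self.client_id = client_id
        self._rs = resource_server

    def fetch_photos(self, owner, access_token):
        return self._rs.get_photos(owner, f"Bearer {access_token}")


def run_photo_print_flow(clock=time.time):
    """Walk through the scenario from the text and return each step's outcome."""
    auth = AuthorizationServer(clock)
    storage = ResourceServer(auth, {"bob": ["beach.jpg", "hike.jpg"]})
    photoprint = Client("photoprint", storage)

    # 1. Bob declines: no token is issued, so PhotoPrint has nothing to present.
    denied = auth.authorize(photoprint.client_id, "bob", ["photos:read"], consent_given=False)
    # 2. Bob consents: PhotoPrint receives a token limited to reading Bob's photos.
    token = auth.authorize(photoprint.client_id, "bob", ["photos:read"], consent_given=True)
    granted = photoprint.fetch_photos("bob", token)
    # 3. The same token does not reach another owner's photos.
    wrong_owner_status, _ = photoprint.fetch_photos("alice", token)
    # 4. After revocation, PhotoStorage's introspection call reports the token inactive.
    auth.revoke(token)
    revoked_status, _ = photoprint.fetch_photos("bob", token)
    return {
        "denied_token": denied,
        "granted": granted,
        "wrong_owner": wrong_owner_status,
        "after_revoke": revoked_status,
    }


if __name__ == "__main__":
    print(run_photo_print_flow())
```

The resource server never inspects the token's contents; it treats the value as opaque and relies entirely on the authorization server's answer, which is why revocation takes effect immediately and why a forged or expired token is rejected with 401 rather than 403.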

The OAuth 2.0 process flow

Note: webMethods Integration acts both as a resource server and as an authorization server.