- First of all this is authorization API not a authentication.
- It provide feature the user can access the resource without any credentials.
- Instead it uses third part application to grant permission to access the resources from server
It basically uses 4 terms to authorize the user to access the resource.
- Resource owner (Mostly us).
- Client ( like browser, application, desktop application or any other).
- Authorization Server ( Third-Party app server will authenticate the user credentials related to this app ).
- Resource Server ( This is end point owner want to connect and get response(resource) from it). [It could be local machine or remote server].
😉This simple diagram serves as a comprehensive explanation, covering all the above points.
- I gave guide for this API PDF
Thank you for teaching @ali-bouali