Glossary - Patroklo/yii2-oauth2-server GitHub Wiki
Here we briefly review some of the terms used in the OAuth2 module documentation.
Glossary
| Term | Description |
|---|---|
| Access Token | Access tokens are credentials used to access protected resources. An access token is usually a random string. Access tokens represent specific scopes and duration of access, granted by the resource owner, and enforced by the resource server and authorization server. |
| Client | An application making protected resource requests on behalf of the resource owner (the user) and with its authorization. |
| Authorization Code (or Endpoint) | Used to interact with the resource owner (user) and obtain an authorization code, which is later exchanged for an access token. |
| Authorization Grant (or Grant) | An authorization grant is a method used by the client to obtain an access token. |
| Refresh Token | Refresh tokens are issued to the client by the authorization server and are used to obtain a new access token when the current access token becomes invalid or expires. |
| Resource | An object which can be protected by OAuth2. |
| Resource Owner (User) | The person who is giving access to some portion of their account. |
| Resource Server | The server hosting the protected resources, capable of accepting and responding to protected resource requests using access tokens. |
| Scope | The permissions necessary to access protected objects. |
This table has been partially extracted from the OAuth 2.0 Terminology.
Would you like to know more?
- Introduction to OAuth2 from DigitalOcean
- OAuth2 Simplified from Aaron Parecki
- OAuth bible from MashApe
- A guide to OAuth2 grants from Alex Bilbie
- SO - Do I Need OAuth2
- OAuth2 Simplified
- OAuth2
- OAuth2 Implicit Grant
And, of course, the source of everything: