This is my memo while learning OAuth 2.0.

RFC 6749 https://tools.ietf.org/html/rfc6749

1.1 (Entities and) Roles

Client: An application making protected resource requests on behalf of the resource owner and with its authorization.

Resource owner: An entity capable of granting access to a protected resource. When the resource owner is a person, it is referred to as an end-user.

Resource server: The server hosting the protected resources, capable of accepting and responding to protected resource requests using access tokens.