CINXE.COM

<!DOCTYPE html> <html lang="en-US"> <head> <meta charset="UTF-8" /> <script src="https://cdn.usefathom.com/script.js" data-site="AXHBWSDY" defer></script> <meta name='robots' content='index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1' />  <title>The Resource Server - OAuth 2.0 Simplified</title> <meta name="description" content="The resource server is the OAuth 2.0 term for your API server. The resource server handles authenticated requests after the application has obtained an" /> <link rel="canonical" href="/oauth2-servers/the-resource-server/" /> <meta property="og:locale" content="en_US" /> <meta property="og:type" content="article" /> <meta property="og:title" content="The Resource Server - OAuth 2.0 Simplified" /> <meta property="og:description" content="The resource server is the OAuth 2.0 term for your API server. The resource server handles authenticated requests after the application has obtained an" /> <meta property="og:url" content="/oauth2-servers/the-resource-server/" /> <meta property="og:site_name" content="OAuth 2.0 Simplified" /> <meta property="article:modified_time" content="2021-12-16T22:43:48+00:00" /> <meta name="twitter:card" content="summary" /> <meta name="twitter:label1" content="Est. reading time" /> <meta name="twitter:data1" content="4 minutes" /> <script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"WebSite","@id":"/#website","url":"/","name":"OAuth 2.0 Simplified","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"WebPage","@id":"/oauth2-servers/the-resource-server/#webpage","url":"/oauth2-servers/the-resource-server/","name":"The Resource Server - OAuth 2.0 Simplified","isPartOf":{"@id":"/#website"},"datePublished":"2016-08-17T18:41:38+00:00","dateModified":"2021-12-16T22:43:48+00:00","description":"The resource server is the OAuth 2.0 term for your API server. The resource server handles authenticated requests after the application has obtained an","breadcrumb":{"@id":"/oauth2-servers/the-resource-server/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["/oauth2-servers/the-resource-server/"]}]},{"@type":"BreadcrumbList","@id":"/oauth2-servers/the-resource-server/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"/"},{"@type":"ListItem","position":2,"name":"OAuth.com","item":"/"},{"@type":"ListItem","position":3,"name":"The Resource Server"}]}]}</script>  <link rel='dns-prefetch' href='//ajax.googleapis.com' /> <link rel='dns-prefetch' href='//www.oauth.com' /> <link rel='dns-prefetch' href='//fonts.googleapis.com' /> <link rel='dns-prefetch' href='//s.w.org' /> <link rel="alternate" type="application/rss+xml" title="OAuth 2.0 Simplified » Feed" href="/feed/" /> <link rel="shortcut icon" type="image/x-icon" href="/wp-content/themes/oauthdotcom/favicon.ico" /><script type="text/javascript"> window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/14.0.0\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/14.0.0\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/www.oauth.com\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.0.3"}}; /*! This file is auto-generated */ !function(e,a,t){var n,r,o,i=a.createElement("canvas"),p=i.getContext&&i.getContext("2d");function s(e,t){var a=String.fromCharCode,e=(p.clearRect(0,0,i.width,i.height),p.fillText(a.apply(this,e),0,0),i.toDataURL());return p.clearRect(0,0,i.width,i.height),p.fillText(a.apply(this,t),0,0),e===i.toDataURL()}function c(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(o=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},r=0;r<o.length;r++)t.supports[o[r]]=function(e){if(!p||!p.fillText)return!1;switch(p.textBaseline="top",p.font="600 32px Arial",e){case"flag":return s([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])?!1:!s([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!s([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]);case"emoji":return!s([129777,127995,8205,129778,127999],[129777,127995,8203,129778,127999])}return!1}(o[r]),t.supports.everything=t.supports.everything&&t.supports[o[r]],"flag"!==o[r]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[o[r]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything||(n=function(){t.readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(e=t.source||{}).concatemoji?c(e.concatemoji):e.wpemoji&&e.twemoji&&(c(e.twemoji),c(e.wpemoji)))}(window,document,window._wpemojiSettings); </script> <style> .themify_builder .wow { visibility: hidden; } div:not(.caroufredsel_wrapper) > .themify_builder_slider > li:not(:first-child), .mfp-hide { display: none; } a.themify_lightbox, .module-gallery a, .gallery-icon, .themify_lightboxed_images .post a[href$="jpg"], .themify_lightboxed_images .post a[href$="gif"], .themify_lightboxed_images .post a[href$="png"], .themify_lightboxed_images .post a[href$="JPG"], .themify_lightboxed_images .post a[href$="GIF"], .themify_lightboxed_images .post a[href$="PNG"], .themify_lightboxed_images .post a[href$="jpeg"], .themify_lightboxed_images .post a[href$="JPEG"] { cursor:not-allowed; } .themify_lightbox_loaded a.themify_lightbox, .themify_lightbox_loaded .module-gallery a, .themify_lightbox_loaded .gallery-icon { cursor:pointer; } </style><style type="text/css"> img.wp-smiley, img.emoji { display: inline !important; border: none !important; box-shadow: none !important; height: 1em !important; width: 1em !important; margin: 0 0.07em !important; vertical-align: -0.1em !important; background: none !important; padding: 0 !important; } </style> <link rel='stylesheet' id='themify-common-css' href='/wp-content/themes/themify-ultra/themify/css/themify.common.min.css?ver=4.7.7' type='text/css' media='all' /> <meta name="themify-framework-css" data-href="/wp-content/themes/themify-ultra/themify/css/themify.framework.min.css?ver=4.7.7" content="themify-framework-css" id="themify-framework-css" /><meta name="builder-styles-css" data-href="/wp-content/themes/themify-ultra/themify/themify-builder/css/themify-builder-style.min.css?ver=4.7.7" content="builder-styles-css" id="builder-styles-css" /> <link rel='stylesheet' id='wp-block-library-css' href='/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3' type='text/css' media='all' /> <style id='global-styles-inline-css' type='text/css'> body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--duotone--dark-grayscale: url('#wp-duotone-dark-grayscale');--wp--preset--duotone--grayscale: url('#wp-duotone-grayscale');--wp--preset--duotone--purple-yellow: url('#wp-duotone-purple-yellow');--wp--preset--duotone--blue-red: url('#wp-duotone-blue-red');--wp--preset--duotone--midnight: url('#wp-duotone-midnight');--wp--preset--duotone--magenta-yellow: url('#wp-duotone-magenta-yellow');--wp--preset--duotone--purple-green: url('#wp-duotone-purple-green');--wp--preset--duotone--blue-orange: url('#wp-duotone-blue-orange');--wp--preset--font-size--small: 13px;--wp--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;}.has-black-color{color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-color{color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-color{color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-color{color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-background-color{background-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-background-color{background-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-border-color{border-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-border-color{border-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-border-color{border-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-border-color{border-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-border-color{border-color: var(--wp--preset--color--vivid-purple) !important;}.has-vivid-cyan-blue-to-vivid-purple-gradient-background{background: var(--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple) !important;}.has-light-green-cyan-to-vivid-green-cyan-gradient-background{background: var(--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan) !important;}.has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-orange-to-vivid-red) !important;}.has-very-light-gray-to-cyan-bluish-gray-gradient-background{background: var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background: var(--wp--preset--gradient--cool-to-warm-spectrum) !important;}.has-blush-light-purple-gradient-background{background: var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background: var(--wp--preset--gradient--blush-bordeaux) !important;}.has-luminous-dusk-gradient-background{background: var(--wp--preset--gradient--luminous-dusk) !important;}.has-pale-ocean-gradient-background{background: var(--wp--preset--gradient--pale-ocean) !important;}.has-electric-grass-gradient-background{background: var(--wp--preset--gradient--electric-grass) !important;}.has-midnight-gradient-background{background: var(--wp--preset--gradient--midnight) !important;}.has-small-font-size{font-size: var(--wp--preset--font-size--small) !important;}.has-medium-font-size{font-size: var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size: var(--wp--preset--font-size--large) !important;}.has-x-large-font-size{font-size: var(--wp--preset--font-size--x-large) !important;} </style> <link rel='stylesheet' id='theme-style-css' href='/wp-content/themes/themify-ultra/style.min.css?ver=1.0.0' type='text/css' media='all' /> <link rel='stylesheet' id='themify-media-queries-css' href='/wp-content/themes/themify-ultra/media-queries.min.css?ver=1.0.0' type='text/css' media='all' /> <link rel='stylesheet' id='ultra-header-css' href='/wp-content/themes/themify-ultra/styles/header-slide-out.min.css?ver=1.0.0' type='text/css' media='all' /> <link rel='stylesheet' id='ultra-color-css' href='/wp-content/themes/themify-ultra/styles/theme-color-grey.min.css?ver=1.0.0' type='text/css' media='all' /> <link rel='stylesheet' id='theme-style-child-css' href='/wp-content/themes/oauthdotcom/style.css?ver=1.0.0' type='text/css' media='all' /> <link rel='stylesheet' id='themify-google-fonts-css' href='https://fonts.googleapis.com/css?family=Open+Sans%3A400italic%2C600italic%2C700italic%2C400%2C300%2C600%2C700&subset=latin&ver=6.0.3' type='text/css' media='all' /> <link rel='stylesheet' id='fabric-master-css' href='/wp-content/themes/oauthdotcom/css/master.css?ver=6b3fdcf6dd3cb8565a44c5f9ee7664d1db16e916' type='text/css' media='all' /> <script type='text/javascript' src='//ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js?ver=2.2.4' id='jquery-js'></script> <link rel="https://api.w.org/" href="/wp-json/" /><link rel="alternate" type="application/json" href="/wp-json/wp/v2/pages/216" /><link rel="EditURI" type="application/rsd+xml" title="RSD" href="/xmlrpc.php?rsd" /> <link rel="wlwmanifest" type="application/wlwmanifest+xml" href="/wp-includes/wlwmanifest.xml" /> <meta name="generator" content="WordPress 6.0.3" /> <link rel='shortlink' href='/?p=216' /> <link rel="alternate" type="application/json+oembed" href="/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.oauth.com%2Foauth2-servers%2Fthe-resource-server%2F" /> <link rel="alternate" type="text/xml+oembed" href="/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.oauth.com%2Foauth2-servers%2Fthe-resource-server%2F&format=xml" /> <link rel="preconnect" href="https://fonts.googleapis.com" crossorigin/> <script type="text/javascript"> var tf_mobile_menu_trigger_point = 1200; </script> <meta name="viewport" content="width=device-width, initial-scale=1"> <style> @-webkit-keyframes themifyAnimatedBG { 0% { background-color: #33baab; } 100% { background-color: #e33b9e; } 50% { background-color: #4961d7; } 33.3% { background-color: #2ea85c; } 25% { background-color: #2bb8ed; } 20% { background-color: #dd5135; } } @keyframes themifyAnimatedBG { 0% { background-color: #33baab; } 100% { background-color: #e33b9e; } 50% { background-color: #4961d7; } 33.3% { background-color: #2ea85c; } 25% { background-color: #2bb8ed; } 20% { background-color: #dd5135; } } .themify_builder_row.animated-bg { -webkit-animation: themifyAnimatedBG 30000ms infinite alternate; animation: themifyAnimatedBG 30000ms infinite alternate; } </style> <script src="//use.typekit.net/ekm8nhh.js"></script> <script>try{Typekit.load({ async: true });}catch(e){}</script> </head> <body class="page-template-default page page-id-216 page-child parent-pageid-6 themify-fw-4-7-7 themify-ultra-2-6-5 skin-default not-ie default_width sidebar-none no-home no-touch builder-parallax-scrolling-active ready-view header-slide-out fixed-header default theme-color-grey rss-off tile_enable filter-hover-none filter-featured-only masonry-enabled"> <noscript></noscript> <script type="text/javascript"> function themifyMobileMenuTrigger(e) { var w = document.body.clientWidth; if( w > 0 && w <= tf_mobile_menu_trigger_point ) { document.body.classList.add( 'mobile_menu_active' ); } else { document.body.classList.remove( 'mobile_menu_active' ); } } themifyMobileMenuTrigger(); var _init =function () { jQuery( window ).on('tfsmartresize.tf_mobile_menu', themifyMobileMenuTrigger ); document.removeEventListener( 'DOMContentLoaded', _init, {once:true,passive:true} ); _init=null; }; document.addEventListener( 'DOMContentLoaded', _init, {once:true,passive:true} ); </script> <div id="pagewrap" class="hfeed site"> <div id="headerwrap" > <a id="menu-icon" href="#mobile-menu"></a> <header id="header" class="clearfix" itemscope="itemscope" itemtype="https://schema.org/WPHeader"> <div id="site-logo"> <a href="https://developer.okta.com" title="Sponsored by Okta" target="_blank"></a> </div> <div class="header-bar"> <a href="https://www.oauth.com" id="home-link" title="OAuth 2.0 Simplified"> <img src="/wp-content/themes/oauthdotcom/images/oauth_logo.png" srcset="/wp-content/themes/oauthdotcom/images/oauth_logo.png 1x, /wp-content/themes/oauthdotcom/images/oauth_logo@2x.png 2x" alt="OAuth 2.0 Servers" /> </a> </div>  <div id="mobile-menu" class="sidemenu sidemenu-off"> <div class="social-widget"> </div>  <div id="searchform-wrap"> <form method="get" id="searchform" action="/"> <div class="oauth-search"> <i class="icon-clear-search">X</i> <input type="text" name="s" id="s" value="" /> </div> </form> </div>  <nav id="main-nav-wrap" itemscope="itemscope" itemtype="https://schema.org/SiteNavigationElement"> <ul id="main-nav" class="main-nav clearfix"><li class="page_item page-item-6 page_item_has_children current_page_ancestor current_page_parent"><a href="/">OAuth.com</a> <ul class='children'> <li class="page_item page-item-2"><a href="/oauth2-servers/background/">Background</a></li> <li class="page_item page-item-914"><a href="/oauth2-servers/getting-ready/" data-section="1">Getting Ready</a></li> <li class="page_item page-item-896 page_item_has_children"><a href="/oauth2-servers/accessing-data/" data-section="2">Accessing Data in an OAuth Server</a> <ul class='children'> <li class="page_item page-item-898"><a href="/oauth2-servers/accessing-data/create-an-application/" data-section="2.1">Create an Application</a></li> <li class="page_item page-item-903"><a href="/oauth2-servers/accessing-data/setting-up-the-environment/" data-section="2.2">Setting up the Environment</a></li> <li class="page_item page-item-907"><a href="/oauth2-servers/accessing-data/authorization-request/" data-section="2.3">Authorization Request</a></li> <li class="page_item page-item-910"><a href="/oauth2-servers/accessing-data/obtaining-an-access-token/" data-section="2.4">Obtaining an Access Token</a></li> <li class="page_item page-item-912"><a href="/oauth2-servers/accessing-data/making-api-requests/" data-section="4.5">Making API Requests</a></li> </ul> </li> <li class="page_item page-item-28 page_item_has_children"><a href="/oauth2-servers/signing-in-with-google/" data-section="3">Signing in with Google</a> <ul class='children'> <li class="page_item page-item-883"><a href="/oauth2-servers/signing-in-with-google/create-an-application/" data-section="3.1">Create an Application</a></li> <li class="page_item page-item-886"><a href="/oauth2-servers/signing-in-with-google/setting-up-the-environment/" data-section="3.2">Setting up the Environment</a></li> <li class="page_item page-item-888"><a href="/oauth2-servers/signing-in-with-google/authorization-request/" data-section="3.3">Authorization Request</a></li> <li class="page_item page-item-891"><a href="/oauth2-servers/signing-in-with-google/getting-an-id-token/" data-section="3.4">Getting an ID Token</a></li> <li class="page_item page-item-893"><a href="/oauth2-servers/signing-in-with-google/verifying-the-user-info/" data-section="3.5">Verifying the User Info</a></li> </ul> </li> <li class="page_item page-item-95 page_item_has_children"><a href="/oauth2-servers/server-side-apps/" data-section="4">Server-Side Apps</a> <ul class='children'> <li class="page_item page-item-865"><a href="/oauth2-servers/server-side-apps/authorization-code/" data-section="4.1">Authorization Code Grant</a></li> <li class="page_item page-item-869"><a href="/oauth2-servers/server-side-apps/example-flow/" data-section="4.2">Example Flow</a></li> <li class="page_item page-item-872"><a href="/oauth2-servers/server-side-apps/possible-errors/" data-section="4.3">Possible Errors</a></li> <li class="page_item page-item-874"><a href="/oauth2-servers/server-side-apps/user-experience/" data-section="4.4">User Experience and Security Considerations</a></li> </ul> </li> <li class="page_item page-item-36 page_item_has_children"><a href="/oauth2-servers/single-page-apps/" data-section="5">Single-Page Apps</a> <ul class='children'> <li class="page_item page-item-856"><a href="/oauth2-servers/single-page-apps/authorization/" data-section="5.1">Authorization</a></li> <li class="page_item page-item-850"><a href="/oauth2-servers/single-page-apps/example-flow/" data-section="5.2">Example Flow</a></li> <li class="page_item page-item-847"><a href="/oauth2-servers/single-page-apps/implicit-flow/" data-section="5.3">Implicit Flow for Single-Page Apps</a></li> <li class="page_item page-item-854"><a href="/oauth2-servers/single-page-apps/security-considerations/" data-section="5.4">Security Considerations for Single-Page Apps</a></li> </ul> </li> <li class="page_item page-item-33 page_item_has_children"><a href="/oauth2-servers/mobile-and-native-apps/" data-section="6">Mobile and Native Apps</a> <ul class='children'> <li class="page_item page-item-838"><a href="/oauth2-servers/mobile-and-native-apps/authorization/" data-section="6.1">Authorization</a></li> <li class="page_item page-item-841"><a href="/oauth2-servers/mobile-and-native-apps/security-considerations/" data-section="6.2">Security Considerations</a></li> </ul> </li> <li class="page_item page-item-138 page_item_has_children"><a href="/oauth2-servers/making-authenticated-requests/" data-section="7">Making Authenticated Requests</a> <ul class='children'> <li class="page_item page-item-833"><a href="/oauth2-servers/making-authenticated-requests/refreshing-an-access-token/" data-section="7.1">Refresh Tokens</a></li> </ul> </li> <li class="page_item page-item-140 page_item_has_children"><a href="/oauth2-servers/client-registration/" data-section="8">Client Registration</a> <ul class='children'> <li class="page_item page-item-142"><a href="/oauth2-servers/client-registration/registering-new-application/" data-section="8.1">Registering a New Application</a></li> <li class="page_item page-item-144"><a href="/oauth2-servers/client-registration/client-id-secret/" data-section="8.2">The Client ID and Secret</a></li> <li class="page_item page-item-146"><a href="/oauth2-servers/client-registration/deleting-applications-revoking-secrets/" data-section="8.3">Deleting Applications and Revoking Secrets</a></li> </ul> </li> <li class="page_item page-item-148 page_item_has_children"><a href="/oauth2-servers/authorization/" data-section="9">Authorization</a> <ul class='children'> <li class="page_item page-item-161"><a href="/oauth2-servers/authorization/the-authorization-request/" data-section="9.1">The Authorization Request</a></li> <li class="page_item page-item-164"><a href="/oauth2-servers/authorization/requiring-user-login/" data-section="9.2">Requiring User Login</a></li> <li class="page_item page-item-166"><a href="/oauth2-servers/authorization/the-authorization-interface/" data-section="9.3">The Authorization Interface</a></li> <li class="page_item page-item-168"><a href="/oauth2-servers/authorization/the-authorization-response/" data-section="9.4">The Authorization Response</a></li> <li class="page_item page-item-170"><a href="/oauth2-servers/authorization/security-considerations/" data-section="9.5">Security Considerations</a></li> </ul> </li> <li class="page_item page-item-174 page_item_has_children"><a href="/oauth2-servers/scope/" data-section="10">Scope</a> <ul class='children'> <li class="page_item page-item-177"><a href="/oauth2-servers/scope/defining-scopes/" data-section="10.1">Defining Scopes</a></li> <li class="page_item page-item-179"><a href="/oauth2-servers/scope/user-interface/" data-section="10.2">User Interface</a></li> <li class="page_item page-item-181"><a href="/oauth2-servers/scope/checkboxes/" data-section="10.3">Checkboxes</a></li> </ul> </li> <li class="page_item page-item-184 page_item_has_children"><a href="/oauth2-servers/redirect-uris/" data-section="11">Redirect URLs</a> <ul class='children'> <li class="page_item page-item-186"><a href="/oauth2-servers/redirect-uris/redirect-uri-registration/" data-section="11.1">Redirect URL Registration</a></li> <li class="page_item page-item-188"><a href="/oauth2-servers/redirect-uris/redirect-uris-native-apps/" data-section="11.2">Redirect URLs for Native Apps</a></li> <li class="page_item page-item-190"><a href="/oauth2-servers/redirect-uris/redirect-uri-validation/" data-section="11.3">Redirect URL Validation</a></li> </ul> </li> <li class="page_item page-item-194 page_item_has_children"><a href="/oauth2-servers/access-tokens/" data-section="12">Access Tokens</a> <ul class='children'> <li class="page_item page-item-196"><a href="/oauth2-servers/access-tokens/authorization-code-request/" data-section="12.1">Authorization Code Request</a></li> <li class="page_item page-item-198"><a href="/oauth2-servers/access-tokens/password-grant/" data-section="12.2">Password Grant</a></li> <li class="page_item page-item-200"><a href="/oauth2-servers/access-tokens/client-credentials/" data-section="12.3">Client Credentials</a></li> <li class="page_item page-item-202"><a href="/oauth2-servers/access-tokens/access-token-response/" data-section="12.4">Access Token Response</a></li> <li class="page_item page-item-204"><a href="/oauth2-servers/access-tokens/self-encoded-access-tokens/" data-section="12.5">Self-Encoded Access Tokens</a></li> <li class="page_item page-item-206"><a href="/oauth2-servers/access-tokens/access-token-lifetime/" data-section="12.6">Access Token Lifetime</a></li> <li class="page_item page-item-208"><a href="/oauth2-servers/access-tokens/refreshing-access-tokens/" data-section="12.7">Refreshing Access Tokens</a></li> </ul> </li> <li class="page_item page-item-210 page_item_has_children"><a href="/oauth2-servers/listing-authorizations/" data-section="13">Listing Authorizations</a> <ul class='children'> <li class="page_item page-item-212"><a href="/oauth2-servers/listing-authorizations/revoking-access/" data-section="13.1">Revoking Access</a></li> </ul> </li> <li class="page_item page-item-216 current_page_item"><a href="/oauth2-servers/the-resource-server/" data-section="14">The Resource Server</a></li> <li class="page_item page-item-608 page_item_has_children"><a href="/oauth2-servers/oauth-native-apps/" data-section="15">OAuth for Native Apps</a> <ul class='children'> <li class="page_item page-item-614"><a href="/oauth2-servers/oauth-native-apps/use-system-browser/" data-section="15.1">Use a System Browser</a></li> <li class="page_item page-item-620"><a href="/oauth2-servers/oauth-native-apps/redirect-urls-for-native-apps/" data-section="15.2">Redirect URLs for Native Apps</a></li> <li class="page_item page-item-626"><a href="/oauth2-servers/oauth-native-apps/pkce/" data-section="15.3">PKCE Extension</a></li> <li class="page_item page-item-627"><a href="/oauth2-servers/oauth-native-apps/checklist-server-support-native-apps/" data-section="15.4">Checklist for Server Support for Native Apps</a></li> </ul> </li> <li class="page_item page-item-640 page_item_has_children"><a href="/oauth2-servers/device-flow/" data-section="16">OAuth for Browserless and Input-Constrained Devices</a> <ul class='children'> <li class="page_item page-item-643"><a href="/oauth2-servers/device-flow/user-flow/" data-section="16.1">User Flow</a></li> <li class="page_item page-item-656"><a href="/oauth2-servers/device-flow/authorization-request/" data-section="16.2">Authorization Request</a></li> <li class="page_item page-item-660"><a href="/oauth2-servers/device-flow/token-request/" data-section="16.3">Token Request</a></li> <li class="page_item page-item-662"><a href="/oauth2-servers/device-flow/authorization-server-requirements/" data-section="16.4">Authorization Server Requirements</a></li> <li class="page_item page-item-666"><a href="/oauth2-servers/device-flow/security-considerations/" data-section="16.5">Security Considerations</a></li> </ul> </li> <li class="page_item page-item-668 page_item_has_children"><a href="/oauth2-servers/pkce/" data-section="17">Protecting Apps with PKCE</a> <ul class='children'> <li class="page_item page-item-670"><a href="/oauth2-servers/pkce/authorization-request/" data-section="17.1">Authorization Request</a></li> <li class="page_item page-item-673"><a href="/oauth2-servers/pkce/authorization-code-exchange/" data-section="17.2">Authorization Code Exchange</a></li> </ul> </li> <li class="page_item page-item-214"><a href="/oauth2-servers/token-introspection-endpoint/" data-section="18">Token Introspection Endpoint</a></li> <li class="page_item page-item-220"><a href="/oauth2-servers/creating-documentation/" data-section="19">Creating Documentation</a></li> <li class="page_item page-item-108"><a href="/oauth2-servers/definitions/" data-section="20">Terminology Reference</a></li> <li class="page_item page-item-136 page_item_has_children"><a href="/oauth2-servers/differences-between-oauth-1-2/" data-section="21">Differences Between OAuth 1 and 2</a> <ul class='children'> <li class="page_item page-item-225"><a href="/oauth2-servers/differences-between-oauth-1-2/authentication-and-signatures/" data-section="21.1">Authentication and Signatures</a></li> <li class="page_item page-item-227"><a href="/oauth2-servers/differences-between-oauth-1-2/user-experience-alternative-token-issuance-options/" data-section="21.2">User Experience and Alternative Token Issuance Options</a></li> <li class="page_item page-item-229"><a href="/oauth2-servers/differences-between-oauth-1-2/performance-at-scale/" data-section="21.3">Performance at Scale</a></li> <li class="page_item page-item-231"><a href="/oauth2-servers/differences-between-oauth-1-2/bearer-tokens/" data-section="21.4">Bearer Tokens</a></li> <li class="page_item page-item-233"><a href="/oauth2-servers/differences-between-oauth-1-2/short-lived-tokens-long-lived-authorizations/" data-section="21.5">Short-lived tokens with Long-lived authorizations</a></li> <li class="page_item page-item-235"><a href="/oauth2-servers/differences-between-oauth-1-2/separation-of-roles/" data-section="21.6">Separation of Roles</a></li> </ul> </li> <li class="page_item page-item-676 page_item_has_children"><a href="/oauth2-servers/openid-connect/" data-section="22">OpenID Connect</a> <ul class='children'> <li class="page_item page-item-678"><a href="/oauth2-servers/openid-connect/authorization-vs-authentication/" data-section="22.1">Authorization vs Authentication</a></li> <li class="page_item page-item-680"><a href="/oauth2-servers/openid-connect/building-an-authentication-framework/" data-section="22.2">Building an Authentication Framework</a></li> <li class="page_item page-item-682"><a href="/oauth2-servers/openid-connect/id-tokens/" data-section="22.3">ID Tokens</a></li> <li class="page_item page-item-684"><a href="/oauth2-servers/openid-connect/summary/" data-section="22.4">Summary</a></li> </ul> </li> <li class="page_item page-item-686 page_item_has_children"><a href="/oauth2-servers/indieauth/" data-section="23">IndieAuth</a> <ul class='children'> <li class="page_item page-item-738"><a href="/oauth2-servers/indieauth/discovery/" data-section="23.1">Discovery</a></li> <li class="page_item page-item-688"><a href="/oauth2-servers/indieauth/sign-in/" data-section="23.2">IndieAuth Sign-In Workflow</a></li> <li class="page_item page-item-690"><a href="/oauth2-servers/indieauth/authorization/" data-section="23.3">IndieAuth Authorization Workflow</a></li> </ul> </li> <li class="page_item page-item-693"><a href="/oauth2-servers/map-oauth-2-0-specs/" data-section="24">Map of OAuth 2.0 Specs</a></li> <li class="page_item page-item-697"><a href="/oauth2-servers/tools-and-libraries/" data-section="25">Tools and Libraries</a></li> <li class="page_item page-item-715"><a href="/oauth2-servers/appendix/">Appendix</a></li> </ul> </li> </ul>  </nav>   <a id="menu-icon-close" href="#"> <?xml version="1.0" encoding="UTF-8"?> <svg width="15px" height="15px" viewBox="0 0 15 15" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">  <title>Close</title> <desc>Created with Sketch.</desc> <defs></defs> <g id="Design" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"> <g id="OAuth---Table-of-Contents-Menu" transform="translate(-1292.000000, -30.000000)" fill-rule="nonzero" fill="#333333"> <g id="ToC-Menu-Open" transform="translate(993.000000, -16.000000)"> <g id="Close" transform="translate(299.000000, 46.000000)"> <path d="M15.9149259,8.53193792 L-1.05529018,8.53193792 C-1.56341203,8.53193792 -1.97626292,8.12026136 -1.97626292,7.61096518 L-1.97626292,7.24987497 C-1.97626292,6.74175311 -1.56458636,6.32890222 -1.05529018,6.32890222 L15.9161303,6.32890222 C16.4242522,6.32890222 16.8371031,6.74057879 16.8371031,7.24987497 L16.8371031,7.61096518 C16.8359266,8.12026136 16.4242522,8.53193792 15.914956,8.53193792 L15.9149259,8.53193792 Z" id="Shape" transform="translate(7.430420, 7.430420) rotate(-315.000000) translate(-7.430420, -7.430420) "></path> <path d="M15.9149259,8.53193792 L-1.05529018,8.53193792 C-1.56341203,8.53193792 -1.97626292,8.12026136 -1.97626292,7.61096518 L-1.97626292,7.24987497 C-1.97626292,6.74175311 -1.56458636,6.32890222 -1.05529018,6.32890222 L15.9161303,6.32890222 C16.4242522,6.32890222 16.8371031,6.74057879 16.8371031,7.24987497 L16.8371031,7.61096518 C16.8359266,8.12026136 16.4242522,8.53193792 15.914956,8.53193792 L15.9149259,8.53193792 Z" id="Shape-Copy" transform="translate(7.430420, 7.430420) scale(-1, 1) rotate(-315.000000) translate(-7.430420, -7.430420) "></path> </g> </g> </g> </g> </svg> </a> </div>  </header>  </div>  <div id="body" class="clearfix">  <div id="valprop"> <header class="valprop-content"> <h1 class="page-title"> The Resource Server </h1> </header> <span class="section-number">14</span> </div>   <div id="layout" class="pagewidth-narrow clearfix">  <div id="content" class="clearfix"> <div id="page-216" class="type-page">  <time datetime="2016-08-17"></time> <h1 class="page-title"> </h1>  <div class="page-content entry-content"> <p>The resource server is the OAuth 2.0 term for your API server. The resource server handles authenticated requests after the application has obtained an access token.</p> <p>Large scale deployments may have more than one resource server. Google’s services, for example, have dozens of resource servers, such as the Google Cloud platform, Google Maps, Google Drive, Youtube, Google+, and many others. Each of these resource servers are distinctly separate, but they all share the same authorization server.</p> <figure style="width: 897px" class="wp-caption aligncenter"><img src="/wp-content/uploads/2016/08/google-apis.png" alt="" width="897" height="479" /><figcaption class="wp-caption-text">Some of Google’s APIs</figcaption></figure> <p>Smaller deployments typically have only one resource server, and is often built as part of the same code base or same deployment as the authorization server.</p> <h2>Verifying Access Tokens</h2> <p>The resource server will be getting requests from applications with an HTTP <code>Authorization</code> header containing an access token. The resource server needs to be able to verify the access token to determine whether to process the request, and find the associated user account, etc.</p> <p>If you’re using <a href="/oauth2-servers/access-tokens/self-encoded-access-tokens/">self-encoded access tokens</a>, then verifying the tokens can be done entirely in the resource server without interacting with a database or external servers.</p> <p>If your tokens are stored in a database, then verifying the token is simply a database lookup on the token table.</p> <p>Another option is to use the <a href="/oauth2-servers/token-introspection-endpoint/">Token Introspection</a> spec to build an API to verify access tokens. This is a good way to handle verifying access tokens across a large number of resource servers, since it means you can encapsulate all of the logic of access tokens in a single server, exposing the information via an API to other parts of the system. The token introspection endpoint is intended to be used only internally, so you will want to protect it with some internal authorization, or only enable it on a server within the firewall of the system.</p> <h2>Verifying Scope</h2> <p>The resource server needs to know the list of scopes that are associated with the access token. The server is responsible for denying the request if the scopes in the access token do not include the required scope to perform the designated action.</p> <p>The OAuth 2.0 spec does not define any scopes itself, nor is there a central registry of scopes. The list of scopes is up to the service to decide for itself. See <a href="/oauth2-servers/scope/">Scope</a> for more information.</p> <h2>Expired Tokens</h2> <p>If your service uses short-lived access tokens with long-lived refresh tokens, then you’ll need to make sure to return the proper error response when an application makes a request with an expired token.</p> <p>Return an HTTP 401 response with a <code>WWW-Authenticate</code> header as described below. If your API typically returns JSON responses, then you can also return a JSON body with the same error information.</p> <pre class="brush: plain; title: ; notranslate" title="">HTTP/1.1 401 Unauthorized WWW-Authenticate: Bearer error="invalid_token" error_description="The access token expired" Content-type: application/json { "error": "invalid_token", "error_description": "The access token expired" }</pre> <p>This will indicate to clients that their existing access token expired and that they should try to get a new one using their refresh token.</p> <h2>Error Codes and Unauthorized Access</h2> <p>If the access token does not allow access to the requested resource, or if there is no access token in the request, then the server must reply with an HTTP 401 response and include a <code>WWW-Authenticate</code> header in the response.</p> <p>The minimum <code>WWW-Authenticate</code> header includes the string <code>Bearer</code>, indicating that a bearer token is required. The header can also indicate additional information such as a “realm” and “scope”. The “realm” value is used in the traditional <a href="https://tools.ietf.org/html/rfc2617">HTTP authentication</a> sense. The “scope” value allows the resource server to indicate the list of scopes required to access the resource, so the application can request the appropriate scope from the user when starting the authorization flow. The response should also include an appropriate “error” value depending on the type of error that occurred.</p> <ul> <li><code>invalid_request</code> (HTTP 400) – The request is missing a parameter, or is otherwise malformed.</li> <li><code>invalid_token</code> (HTTP 401) – The access token is expired, revoked, malformed, or invalid for other reasons. The client can obtain a new access token and try again.</li> <li><code>insufficient_scope</code> (HTTP 403) – The access token</li> </ul> <p>For example:</p> <pre class="brush: plain; title: ; notranslate" title=""> HTTP/1.1 401 Unauthorized WWW-Authenticate: Bearer realm="example", scope="delete", error="insufficient_scope" </pre> <p>If the request does not have authentication, then no error code or other error information is necessary.</p> <pre class="brush: plain; title: ; notranslate" title=""> HTTP/1.1 401 Unauthorized WWW-Authenticate: Bearer realm="example" </pre> <div id="themify_builder_content-216" data-postid="216" class="themify_builder_content themify_builder_content-216 themify_builder"> </div>    </div>  </div> </div>  <nav id="page"> <div class="alignleft"> <a href="/oauth2-servers/listing-authorizations/revoking-access/"><span>Previous Chapter</span>Revoking Access</a> </div> <div class="alignright"> <a href="/oauth2-servers/oauth-native-apps/"><span>Next Chapter</span>OAuth for Native Apps</a> </div> </nav> </div>  </div>  <div id="footerwrap" > <footer id="footer" class="pagewidth clearfix" itemscope="itemscope" itemtype="https://schema.org/WPFooter"> <div class="Row u-Flex u-Stretch"> <div class="no-hassle Column--6 Column--medium-12"> <h3>Want to implement OAuth 2.0 without the hassle?</h3> <p>We've built API access management as a service that is secure, scalable, and always on, so you can ship a more secure product, faster.</p> <a class="Button" href="http://developer.okta.com/signup" target="_blank" rel="noopener noreferrer">Secure your APIs</a> </div> <div class="brought-by Column--6 Column--medium-12"> <a href="https://developer.okta.com/" target="_blank"> OAuth.com is brought to you by the team at <svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 88.8 35.82"><defs><style>.cls-1,.cls-2{fill:none;}.cls-1{clip-rule:evenodd;}.cls-3{clip-path:url(#clip-path);}.cls-4{clip-path:url(#clip-path-2);}.cls-5{fill:#c2c3c3;}.cls-6{clip-path:url(#clip-path-3);}.cls-7{clip-path:url(#clip-path-5);}.cls-8{clip-path:url(#clip-path-7);}</style><clipPath id="clip-path" transform="translate(5 4.91)"><path class="cls-1" d="M9.91,6.57A9.78,9.78,0,0,0,0,16.21a9.78,9.78,0,0,0,9.91,9.64,9.78,9.78,0,0,0,9.91-9.64A9.78,9.78,0,0,0,9.91,6.57M9.91,21a4.82,4.82,0,1,1,0-9.64,4.82,4.82,0,1,1,0,9.64"/></clipPath><clipPath id="clip-path-2" transform="translate(5 4.91)"><rect class="cls-2" x="-121" y="-359" width="1440" height="3536"/></clipPath><clipPath id="clip-path-3" transform="translate(5 4.91)"><path class="cls-1" d="M27.32,19.44a.88.88,0,0,1,1.5-.59c2.47,2.46,6.58,6.67,6.6,6.69a.65.65,0,0,0,.35.22,1.69,1.69,0,0,0,.42,0h4.47a.84.84,0,0,0,.67-1.36l-7.41-7.39-.39-.39c-.84-1-.75-1.36.21-2.35l5.89-6.36A.83.83,0,0,0,39,6.6h-4a1.43,1.43,0,0,0-.39,0,.83.83,0,0,0-.39.22l-5.27,5.52a.89.89,0,0,1-1.53-.58V.86a.78.78,0,0,0-.85-.77H23.16a.76.76,0,0,0-.86.7V25.05c0,.56.48.71.86.71h3.31a.79.79,0,0,0,.85-.73V19.44Z"/></clipPath><clipPath id="clip-path-5" transform="translate(5 4.91)"><path class="cls-1" d="M54.36,24.93,54,21.7a.79.79,0,0,0-.92-.68,5.08,5.08,0,0,1-.77.06,4.89,4.89,0,0,1-4.94-4.56c0-.09,0-.17,0-.26V12.33a.91.91,0,0,1,.92-.93h4.44a.8.8,0,0,0,.78-.83V7.51a.83.83,0,0,0-.74-.91H48.32a.89.89,0,0,1-.94-.87V.85a.79.79,0,0,0-.86-.76h-3.3a.74.74,0,0,0-.81.74s0,15.61,0,15.7a9.79,9.79,0,0,0,9.92,9.38,10.17,10.17,0,0,0,1.32-.09.82.82,0,0,0,.72-.89"/></clipPath><clipPath id="clip-path-7" transform="translate(5 4.91)"><path class="cls-1" d="M78.23,20.89c-2.81,0-3.23-1-3.23-4.64,0,0,0,0,0,0V7.42a.83.83,0,0,0-.86-.82H70.82a.85.85,0,0,0-.86.82v.41a10.08,10.08,0,0,0-4.89-1.26,9.78,9.78,0,0,0-9.91,9.64,9.78,9.78,0,0,0,9.91,9.64,10,10,0,0,0,6.44-2.31,5.4,5.4,0,0,0,4.77,2.31c.4,0,2.52.07,2.52-.89V21.53a.62.62,0,0,0-.57-.64M65.08,21a4.82,4.82,0,1,1,5-4.82,4.89,4.89,0,0,1-5,4.82"/></clipPath></defs><title>okta_logo</title><g class="cls-3"><g class="cls-4"><rect class="cls-5" y="6.48" width="29.82" height="29.28"/></g></g><g class="cls-6"><g class="cls-4"><rect class="cls-5" x="22.3" width="29.22" height="35.71"/></g></g><g class="cls-7"><g class="cls-4"><rect class="cls-5" x="42.4" width="21.96" height="35.82"/></g></g><g class="cls-8"><g class="cls-4"><rect class="cls-5" x="55.17" y="6.48" width="33.64" height="29.28"/></g></g></svg> </a> </div> </div> </footer>  </div>  </div>  <script type="application/ld+json">[{"@context":"https:\/\/schema.org","@type":"WebPage","mainEntityOfPage":{"@type":"WebPage","@id":"https:\/\/www.oauth.com\/oauth2-servers\/the-resource-server\/"},"headline":"The Resource Server","datePublished":"2016-08-17T11:41:38-07:00","dateModified":"2016-08-17T11:41:38-07:00","description":""}]</script>  <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shCore.js?ver=3.0.9b' id='syntaxhighlighter-core-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushAS3.js?ver=3.0.9b' id='syntaxhighlighter-brush-as3-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushArduino.js?ver=3.0.9b' id='syntaxhighlighter-brush-arduino-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushBash.js?ver=3.0.9b' id='syntaxhighlighter-brush-bash-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushColdFusion.js?ver=3.0.9b' id='syntaxhighlighter-brush-coldfusion-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/third-party-brushes/shBrushClojure.js?ver=20090602' id='syntaxhighlighter-brush-clojure-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushCpp.js?ver=3.0.9b' id='syntaxhighlighter-brush-cpp-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushCSharp.js?ver=3.0.9b' id='syntaxhighlighter-brush-csharp-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushCss.js?ver=3.0.9b' id='syntaxhighlighter-brush-css-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushDelphi.js?ver=3.0.9b' id='syntaxhighlighter-brush-delphi-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushDiff.js?ver=3.0.9b' id='syntaxhighlighter-brush-diff-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushErlang.js?ver=3.0.9b' id='syntaxhighlighter-brush-erlang-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/third-party-brushes/shBrushFSharp.js?ver=20091003' id='syntaxhighlighter-brush-fsharp-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushGo.js?ver=3.0.9b' id='syntaxhighlighter-brush-go-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushGroovy.js?ver=3.0.9b' id='syntaxhighlighter-brush-groovy-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushHaskell.js?ver=3.0.9b' id='syntaxhighlighter-brush-haskell-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushJava.js?ver=3.0.9b' id='syntaxhighlighter-brush-java-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushJavaFX.js?ver=3.0.9b' id='syntaxhighlighter-brush-javafx-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushJScript.js?ver=3.0.9b' id='syntaxhighlighter-brush-jscript-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/third-party-brushes/shBrushLatex.js?ver=20090613' id='syntaxhighlighter-brush-latex-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/third-party-brushes/shBrushMatlabKey.js?ver=20091209' id='syntaxhighlighter-brush-matlabkey-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/third-party-brushes/shBrushObjC.js?ver=20091207' id='syntaxhighlighter-brush-objc-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushPerl.js?ver=3.0.9b' id='syntaxhighlighter-brush-perl-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushPhp.js?ver=3.0.9b' id='syntaxhighlighter-brush-php-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushPlain.js?ver=3.0.9b' id='syntaxhighlighter-brush-plain-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushPowerShell.js?ver=3.0.9b' id='syntaxhighlighter-brush-powershell-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushPython.js?ver=3.0.9b' id='syntaxhighlighter-brush-python-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/third-party-brushes/shBrushR.js?ver=20100919' id='syntaxhighlighter-brush-r-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushRuby.js?ver=3.0.9b' id='syntaxhighlighter-brush-ruby-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushScala.js?ver=3.0.9b' id='syntaxhighlighter-brush-scala-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushSql.js?ver=3.0.9b' id='syntaxhighlighter-brush-sql-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushSwift.js?ver=3.0.9b' id='syntaxhighlighter-brush-swift-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushVb.js?ver=3.0.9b' id='syntaxhighlighter-brush-vb-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushXml.js?ver=3.0.9b' id='syntaxhighlighter-brush-xml-js'></script> <script type='text/javascript' src='/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushYaml.js?ver=3.0.9b' id='syntaxhighlighter-brush-yaml-js'></script> <script type='text/javascript'> (function(){ var corecss = document.createElement('link'); var themecss = document.createElement('link'); var corecssurl = "/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/styles/shCore.css?ver=3.0.9b"; if ( corecss.setAttribute ) { corecss.setAttribute( "rel", "stylesheet" ); corecss.setAttribute( "type", "text/css" ); corecss.setAttribute( "href", corecssurl ); } else { corecss.rel = "stylesheet"; corecss.href = corecssurl; } document.head.appendChild( corecss ); var themecssurl = "/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/styles/shThemeMidnight.css?ver=3.0.9b"; if ( themecss.setAttribute ) { themecss.setAttribute( "rel", "stylesheet" ); themecss.setAttribute( "type", "text/css" ); themecss.setAttribute( "href", themecssurl ); } else { themecss.rel = "stylesheet"; themecss.href = themecssurl; } document.head.appendChild( themecss ); })(); SyntaxHighlighter.config.strings.expandSource = '+ expand source'; SyntaxHighlighter.config.strings.help = '?'; SyntaxHighlighter.config.strings.alert = 'SyntaxHighlighter\n\n'; SyntaxHighlighter.config.strings.noBrush = 'Can\'t find brush for: '; SyntaxHighlighter.config.strings.brushNotHtmlScript = 'Brush wasn\'t configured for html-script option: '; SyntaxHighlighter.defaults['gutter'] = false; SyntaxHighlighter.defaults['pad-line-numbers'] = false; SyntaxHighlighter.defaults['toolbar'] = false; SyntaxHighlighter.all(); // Infinite scroll support if ( typeof( jQuery ) !== 'undefined' ) { jQuery( function( $ ) { $( document.body ).on( 'post-load', function() { SyntaxHighlighter.highlight(); } ); } ); } </script> <script type='text/javascript' id='themify-main-script-js-extra'> /* <![CDATA[ */ var themify_vars = {"version":"4.7.7","url":"https:\/\/www.oauth.com\/wp-content\/themes\/themify-ultra\/themify","wp":"6.0.3","map_key":null,"bing_map_key":null,"includesURL":"https:\/\/www.oauth.com\/wp-includes\/","isCached":"disable","commentUrl":"","minify":{"css":{"themify-icons":1,"lightbox":1,"main":1,"themify-builder-style":1},"js":{"backstretch.themify-version":1,"bigvideo":1,"themify.dropdown":1,"themify.mega-menu":1,"themify.builder.script":1,"themify.scroll-highlight":1,"themify-youtube-bg":1,"themify-ticks":1}},"media":{"css":{"wp-mediaelement":{"src":"https:\/\/www.oauth.com\/wp-includes\/js\/mediaelement\/wp-mediaelement.min.css","v":false},"mediaelement":{"src":"https:\/\/www.oauth.com\/wp-includes\/js\/mediaelement\/mediaelementplayer-legacy.min.css","v":"4.2.16"}},"_wpmejsSettings":"var _wpmejsSettings = {\"pluginPath\":\"\\\/wp-includes\\\/js\\\/mediaelement\\\/\",\"classPrefix\":\"mejs-\",\"stretching\":\"responsive\"};","js":{"mediaelement-core":{"src":"https:\/\/www.oauth.com\/wp-includes\/js\/mediaelement\/mediaelement-and-player.min.js","v":"4.2.16","extra":{"before":[false,"var mejsL10n = {\"language\":\"en\",\"strings\":{\"mejs.download-file\":\"Download File\",\"mejs.install-flash\":\"You are using a browser that does not have Flash player enabled or installed. Please turn on your Flash player plugin or download the latest version from https:\\\/\\\/get.adobe.com\\\/flashplayer\\\/\",\"mejs.fullscreen\":\"Fullscreen\",\"mejs.play\":\"Play\",\"mejs.pause\":\"Pause\",\"mejs.time-slider\":\"Time Slider\",\"mejs.time-help-text\":\"Use Left\\\/Right Arrow keys to advance one second, Up\\\/Down arrows to advance ten seconds.\",\"mejs.live-broadcast\":\"Live Broadcast\",\"mejs.volume-help-text\":\"Use Up\\\/Down Arrow keys to increase or decrease volume.\",\"mejs.unmute\":\"Unmute\",\"mejs.mute\":\"Mute\",\"mejs.volume-slider\":\"Volume Slider\",\"mejs.video-player\":\"Video Player\",\"mejs.audio-player\":\"Audio Player\",\"mejs.captions-subtitles\":\"Captions\\\/Subtitles\",\"mejs.captions-chapters\":\"Chapters\",\"mejs.none\":\"None\",\"mejs.afrikaans\":\"Afrikaans\",\"mejs.albanian\":\"Albanian\",\"mejs.arabic\":\"Arabic\",\"mejs.belarusian\":\"Belarusian\",\"mejs.bulgarian\":\"Bulgarian\",\"mejs.catalan\":\"Catalan\",\"mejs.chinese\":\"Chinese\",\"mejs.chinese-simplified\":\"Chinese (Simplified)\",\"mejs.chinese-traditional\":\"Chinese (Traditional)\",\"mejs.croatian\":\"Croatian\",\"mejs.czech\":\"Czech\",\"mejs.danish\":\"Danish\",\"mejs.dutch\":\"Dutch\",\"mejs.english\":\"English\",\"mejs.estonian\":\"Estonian\",\"mejs.filipino\":\"Filipino\",\"mejs.finnish\":\"Finnish\",\"mejs.french\":\"French\",\"mejs.galician\":\"Galician\",\"mejs.german\":\"German\",\"mejs.greek\":\"Greek\",\"mejs.haitian-creole\":\"Haitian Creole\",\"mejs.hebrew\":\"Hebrew\",\"mejs.hindi\":\"Hindi\",\"mejs.hungarian\":\"Hungarian\",\"mejs.icelandic\":\"Icelandic\",\"mejs.indonesian\":\"Indonesian\",\"mejs.irish\":\"Irish\",\"mejs.italian\":\"Italian\",\"mejs.japanese\":\"Japanese\",\"mejs.korean\":\"Korean\",\"mejs.latvian\":\"Latvian\",\"mejs.lithuanian\":\"Lithuanian\",\"mejs.macedonian\":\"Macedonian\",\"mejs.malay\":\"Malay\",\"mejs.maltese\":\"Maltese\",\"mejs.norwegian\":\"Norwegian\",\"mejs.persian\":\"Persian\",\"mejs.polish\":\"Polish\",\"mejs.portuguese\":\"Portuguese\",\"mejs.romanian\":\"Romanian\",\"mejs.russian\":\"Russian\",\"mejs.serbian\":\"Serbian\",\"mejs.slovak\":\"Slovak\",\"mejs.slovenian\":\"Slovenian\",\"mejs.spanish\":\"Spanish\",\"mejs.swahili\":\"Swahili\",\"mejs.swedish\":\"Swedish\",\"mejs.tagalog\":\"Tagalog\",\"mejs.thai\":\"Thai\",\"mejs.turkish\":\"Turkish\",\"mejs.ukrainian\":\"Ukrainian\",\"mejs.vietnamese\":\"Vietnamese\",\"mejs.welsh\":\"Welsh\",\"mejs.yiddish\":\"Yiddish\"}};"]}},"mediaelement-migrate":{"src":"https:\/\/www.oauth.com\/wp-includes\/js\/mediaelement\/mediaelement-migrate.min.js","v":false,"extra":""}}},"scrollTo":null}; var tbLocalScript = {"ajaxurl":"https:\/\/www.oauth.com\/wp-admin\/admin-ajax.php","isAnimationActive":"1","isParallaxActive":"1","isScrollEffectActive":"1","isStickyScrollActive":"1","animationInviewSelectors":[".module.wow",".module_row.wow",".builder-posts-wrap > .post.wow"],"backgroundSlider":{"autoplay":5000},"animationOffset":"100","videoPoster":"https:\/\/www.oauth.com\/wp-content\/themes\/themify-ultra\/themify\/themify-builder\/img\/blank.png","backgroundVideoLoop":"yes","builder_url":"https:\/\/www.oauth.com\/wp-content\/themes\/themify-ultra\/themify\/themify-builder","framework_url":"https:\/\/www.oauth.com\/wp-content\/themes\/themify-ultra\/themify","version":"4.7.7","fullwidth_support":"","fullwidth_container":"body","loadScrollHighlight":"1","addons":[],"breakpoints":{"tablet_landscape":[769,"1024"],"tablet":[681,"768"],"mobile":"480"},"ticks":{"tick":30,"ajaxurl":"https:\/\/www.oauth.com\/wp-admin\/admin-ajax.php","postID":216},"cf_api_url":"https:\/\/www.oauth.com\/?tb_load_cf=","emailSub":"Check this out!"}; var themifyScript = {"lightbox":{"lightboxSelector":".themify_lightbox","lightboxOn":true,"lightboxContentImages":false,"lightboxContentImagesSelector":"","theme":"pp_default","social_tools":false,"allow_resize":true,"show_title":false,"overlay_gallery":false,"screenWidthNoLightbox":600,"deeplinking":false,"contentImagesAreas":"","gallerySelector":".gallery-icon > a","lightboxGalleryOn":true},"lightboxContext":"body"}; var tbScrollHighlight = {"fixedHeaderSelector":"#headerwrap.fixed-header","speed":"900","navigation":"#main-nav, .module-menu .ui.nav","scrollOffset":"-5","scroll":"internal"}; /* ]]> */ </script> <script type='text/javascript' defer="defer" src='/wp-content/themes/themify-ultra/themify/js/main.min.js?ver=4.7.7' id='themify-main-script-js'></script> <script type='text/javascript' defer="defer" src='/wp-content/themes/themify-ultra/themify/js/themify.sidemenu.min.js?ver=1.0.0' id='slide-nav-js'></script> <script type='text/javascript' id='theme-script-js-extra'> /* <![CDATA[ */ var themifyScript = {"themeURI":"https:\/\/www.oauth.com\/wp-content\/themes\/themify-ultra","lightbox":{"lightboxSelector":".themify_lightbox","lightboxOn":true,"lightboxContentImages":false,"lightboxContentImagesSelector":"","theme":"pp_default","social_tools":false,"allow_resize":true,"show_title":false,"overlay_gallery":false,"screenWidthNoLightbox":600,"deeplinking":false,"contentImagesAreas":"","gallerySelector":".gallery-icon > a","lightboxGalleryOn":true},"fixedHeader":"fixed-header","sticky_header":"","ajax_nonce":"90ca84f98a","ajax_url":"https:\/\/www.oauth.com\/wp-admin\/admin-ajax.php","parallaxHeader":"1","pageLoaderEffect":"","infiniteEnable":"0","fullPageScroll":"","shop_masonry":"no","responsiveBreakpoints":{"tablet_landscape":"1024","tablet":"768","mobile":"480"}}; /* ]]> */ </script> <script type='text/javascript' defer="defer" src='/wp-content/themes/themify-ultra/js/themify.script.min.js?ver=1.0.0' id='theme-script-js'></script> <script type='text/javascript' src='/wp-content/themes/oauthdotcom/js/master.js?ver=5a2639f42501af84abfd82f346cc51eae7a90995' id='fabric-master-js'></script> <script type='text/javascript' src='/wp-content/themes/oauthdotcom/js/cookie.js?ver=02fc4fe91fdd37432e130857ad5ada2a84525a13' id='playground-cookie-js'></script> <script type='text/javascript' src='/wp-content/themes/oauthdotcom/js/crypto.js?ver=b1999063286ff48e2dfaeed2107d9f427c8506d8' id='playground-crypto-js'></script> <script type='text/javascript' src='/wp-content/themes/oauthdotcom/js/common.js?ver=149596cc0c6824a0e1eff9271ad09514046367b2' id='playground-common-js'></script> <script type="text/javascript">window.NREUM||(NREUM={});NREUM.info={"beacon":"bam.nr-data.net","licenseKey":"7fe4a5104e","applicationID":"22011134","transactionName":"ZVEEZBAFDUpTABFfDlwbJ1MWDQxXHRMEUQQ=","queueTime":0,"applicationTime":222,"atts":"SRYHElgfHkQ=","errorBeacon":"bam.nr-data.net","agent":""}</script></body> </html>