
Before understanding the terms, let's first look at an example ⇒
-
User : Aakash
-
Client : a Facebook app, for example "Who will be your crush?", which ⇒
- tells you who your crush or girlfriend/boyfriend will be, picked from your Facebook friends
- to do this it needs the user's [Aakash's] profile picture and Facebook friends list
- so the app needs permission to access the user's data (Aakash's picture and friends list) from the authorization server, which is Facebook
-
Authorization Server : the Facebook website, which identifies the client (the Facebook app) and decides whether or not to give it an access token
-
Resource Server : another Facebook server that holds all the data related to the user [Aakash]: profile picture, friends list, block list, favourite pages, etc.
Important parts while performing the requests and responses ⇒
- Redirect URI : when the OAuth flow completes, the authorization server redirects the user back to this URL of the client application
- Access Token : the token the application obtains at the end of the flow; it must be sent with every request for the user's data
- Client ID : unique identifier returned when the application registers successfully
- Client Secret : unique secret generated at registration; it is tied to the client ID and used when exchanging for an access token
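To see how the four parts above fit together, here is an added, in-process simulation of the authorization-code flow between the client app, the authorization server and the resource server. It is example code written for this page, not Facebook's or any real app's code; the app name "Who will be your crush?", the user Aakash, the redirect URI `https://crush-app.example/callback` and the friend data are constructed stand-ins, and nothing here talks to the real Facebook API. The simulation also shows the checks a defender expects each party to make: exact redirect-URI matching, client-secret verification on the back channel, single-use codes, token expiry and scope enforcement.

```python
import hmac
import secrets
import time


class AuthorizationServer:
    """Registers clients, issues one-time codes and access tokens, answers token lookups."""

    def __init__(self):
        self.clients = {}        # client_id -> {"name", "secret", "redirect_uri"}
        self.pending_codes = {}  # code -> {"client_id", "user", "scope"}
        self.tokens = {}         # access_token -> {"user", "scope", "expires"}

    def register_client(self, name, redirect_uri):
        # Registration returns the client ID and client secret, and pins the redirect URI.
        client_id = secrets.token_hex(8)
        client_secret = secrets.token_urlsafe(32)
        self.clients[client_id] = {"name": name, "secret": client_secret, "redirect_uri": redirect_uri}
        return client_id, client_secret

    def authorize(self, client_id, redirect_uri, scope, user, consent):
        """Front-channel step: identify the client, ask the user, redirect back with a code."""
        client = self.clients.get(client_id)
        if client is None:
            raise PermissionError("unknown client_id")
        # Exact match only: a loosely matched redirect URI would leak the code to another site.
        if not hmac.compare_digest(redirect_uri, client["redirect_uri"]):
            raise PermissionError("redirect_uri does not match the registered value")
        if not consent:
            return f"{redirect_uri}?error=access_denied"
        code = secrets.token_urlsafe(16)
        self.pending_codes[code] = {"client_id": client_id, "user": user, "scope": set(scope)}
        return f"{redirect_uri}?code={code}"

    def token(self, client_id, client_secret, code):
        """Back-channel step: the client proves itself with the secret and swaps the code for a token."""
        client = self.clients.get(client_id)
        if client is None or not hmac.compare_digest(client_secret, client["secret"]):
            raise PermissionError("client authentication failed")
        grant = self.pending_codes.pop(code, None)  # pop: every code is single-use
        if grant is None or grant["client_id"] != client_id:
            raise PermissionError("invalid or already used code")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"user": grant["user"], "scope": grant["scope"], "expires": time.time() + 3600}
        return token

    def introspect(self, token):
        info = self.tokens.get(token)
        if info is None or info["expires"] < time.time():
            return None
        return info


class ResourceServer:
    """Holds the user data; releases a field only for a valid token whose scope covers it."""

    def __init__(self, auth_server, data):
        self.auth = auth_server
        self.data = data  # user -> {"picture", "friends", "blocked", ...}

    def get(self, token, field):
        info = self.auth.introspect(token)
        if info is None:
            raise PermissionError("invalid or expired access token")
        if field not in info["scope"]:
            raise PermissionError(f"token scope does not cover '{field}'")
        return self.data[info["user"]][field]


def run_crush_app_flow(user_consents=True):
    """Run the whole flow for Aakash; returns the pieces involved, or None if consent was refused."""
    auth = AuthorizationServer()
    # Constructed sample data for the resource server.
    resources = ResourceServer(auth, {
        "Aakash": {"picture": "aakash.jpg", "friends": ["Riya", "Dev", "Neha"], "blocked": ["Spammer"]},
    })
    redirect_uri = "https://crush-app.example/callback"
    client_id, client_secret = auth.register_client("Who will be your crush?", redirect_uri)

    # 1. The user is sent to the authorization server, which redirects back with a code.
    callback = auth.authorize(client_id, redirect_uri, {"picture", "friends"}, "Aakash", user_consents)
    if "code=" not in callback:
        return None
    code = callback.split("code=", 1)[1]

    # 2. The app exchanges code + client secret for an access token.
    token = auth.token(client_id, client_secret, code)

    # 3. The app sends the token with every data request; "blocked" is outside the granted scope.
    friends = resources.get(token, "friends")
    crush = min(friends)  # toy "algorithm": alphabetically first friend
    return {"picture": resources.get(token, "picture"), "friends": friends, "crush": crush,
            "auth": auth, "resources": resources, "token": token,
            "client_id": client_id, "client_secret": client_secret, "code": code}


if __name__ == "__main__":
    print(run_crush_app_flow()["crush"])
```

Each `PermissionError` in the simulation corresponds to a check the authorization or resource server performs: a mismatched redirect URI or a wrong client secret stops the flow before a token exists, a replayed code is rejected, and a token only unlocks the fields the user agreed to share.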
Let's discuss some of the important grants ⇒