OAuth 2 defines four roles:
- Resource owner: The person or application that owns the resource to which access is being controlled
- Resource server: The server that hosts the resources; for example, a resource server may be an API that stores data that an application needs to access
- Client: The application that is requesting the resource
- Authorization server: The server that authorizes the client application to have access to a resource

The resource server and the authorization server can be the same server, but for larger applications they are commonly separate servers.
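
The four roles with the authorization server and resource server run as separate components, as an added example that is not part of the original page. All class, function and scope names are hypothetical, and the HMAC-signed token with a key shared between the two servers is an assumption chosen for the sketch, not a format OAuth 2 prescribes.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key shared by the two servers (assumption: HMAC-signed tokens).
SHARED_KEY = b"demo-key-not-for-production"

def _sign(payload: bytes) -> bytes:
    return hmac.new(SHARED_KEY, payload, hashlib.sha256).hexdigest().encode()

class AuthorizationServer:
    """Records the resource owner's consent and issues tokens to clients."""
    def __init__(self):
        self.grants = {}  # (owner, client_id) -> set of approved scopes

    def record_consent(self, owner, client_id, scopes):
        self.grants[(owner, client_id)] = set(scopes)

    def issue_token(self, owner, client_id, scope, ttl=300, now=None):
        if scope not in self.grants.get((owner, client_id), set()):
            raise PermissionError("resource owner has not granted this scope")
        now = time.time() if now is None else now
        claims = {"sub": owner, "client": client_id, "scope": scope, "exp": now + ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        return body.decode() + "." + _sign(body).decode()

class ResourceServer:
    """Hosts the data; accepts only tokens signed by the authorization server."""
    def __init__(self, data):
        self.data = data  # owner -> resource

    def get(self, token, required_scope, now=None):
        body, _, sig = token.partition(".")
        # Verify the signature before parsing anything inside the token.
        if not hmac.compare_digest(sig.encode(), _sign(body.encode())):
            raise PermissionError("bad signature")
        claims = json.loads(base64.urlsafe_b64decode(body))
        now = time.time() if now is None else now
        if claims["exp"] < now:
            raise PermissionError("token expired")
        if claims["scope"] != required_scope:
            raise PermissionError("insufficient scope")
        return self.data[claims["sub"]]

def client_fetch(auth, api, owner, client_id, scope):
    """The client: obtains a token, then presents it to the resource server."""
    return api.get(auth.issue_token(owner, client_id, scope), scope)
```

The resource server never sees the owner's consent record; it decides purely from the token's signature, expiry and scope, which is what lets the two servers be deployed separately.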