OAuth2

http://www.rfcreader.com/#rfc6749

OAuth 2.0

OAuth 2.0 defines four grant types (authorization modes). Since all of our resources are for internal use, we use the password grant (resource owner password credentials).

Authorization server:

  1. Authorization endpoint.
  2. Token endpoint.

Resource server

We deploy the authorization server and the resource servers separately for scalability. As we have many separate resource servers, each of them is registered as a client with its own client id and client secret.

A user first creates a username and password, associated with the client information. Afterwards, each time the user needs access, the user asks the authorization server for an access token with those user credentials, then presents the access token to the corresponding client (resource server) to obtain resources.
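The exchange described above, as an added example that is not part of the original note: the client authenticates to the token endpoint with its client id and secret, sends the user's credentials in the password grant, and then presents the returned bearer token to the resource server. The endpoint, client id, client secret and sample token response are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlencode

# Constructed example values (assumptions, not from the original note).
TOKEN_ENDPOINT = "https://auth.example.internal/token"
CLIENT_ID = "reports-service"
CLIENT_SECRET = "s3cr3t-example"


def build_password_grant_request(username, password, scope=None):
    """Return (headers, body) for an RFC 6749 section 4.3 password-grant token request.

    The client authenticates with HTTP Basic (client_id:client_secret, section 2.3.1);
    the resource owner's credentials go in the form-encoded body, never in the URL.
    Because the client sees the user's password directly, the RFC reserves this
    grant for highly trusted (here: internal, first-party) clients.
    """
    creds = f"{CLIENT_ID}:{CLIENT_SECRET}".encode()
    headers = {
        "Authorization": "Basic " + base64.b64encode(creds).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    params = {"grant_type": "password", "username": username, "password": password}
    if scope:
        params["scope"] = scope
    return headers, urlencode(params)


def parse_token_response(raw_json):
    """Parse a section 5.1 token response; raise on an error response (section 5.2)."""
    data = json.loads(raw_json)
    if "error" in data:
        raise RuntimeError(f"token request failed: {data['error']}")
    if data.get("token_type", "").lower() != "bearer":
        raise RuntimeError("unsupported token_type")
    return data["access_token"], int(data.get("expires_in", 0))


def bearer_header(access_token):
    """Header the client sends to the resource server (RFC 6750 section 2.1)."""
    return {"Authorization": f"Bearer {access_token}"}


# Constructed sample token response, shaped like the authorization server's reply.
SAMPLE_RESPONSE = (
    '{"access_token":"constructed-token-abc123","token_type":"Bearer","expires_in":3600}'
)
```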