Resource Server

A Resource Server is an API that accepts and validates access tokens to protect resources. Build this when you want to secure your API endpoints so that only authorized clients can access them.

A resource server can be separate from the authorization server — it only needs to validate the tokens that the authorization server issued.

Not sure this is the right role? See Concepts for an overview of all OAuth 2.0 roles.

Looking for the Authorization Server (issuing tokens)? Or the Client (consuming an OAuth provider)?
