Resource OwnerUser-AgentResource OwnerUser-AgentClientClientOpenAMAuthorization ServerOpenAMAuthorization ServerResource ServerResource Server1Redirect...2...with client_id, scope, state, redirect_uri3Authenticate resource owner andconfirm resource access4If credentials are valid, redirect...5...with authorization code, state to redirect_uri6Authenticate, request access token withauthorization code, redirect_uri7If authorization code is valid, return access token8Request resource with access token9Request token validation and information10If access token is valid, respond with information11If access token is valid, return protected resource