Resource OwnerUser-AgentResource OwnerUser-AgentClientOpenAM OAuth 2.0 Auth ModuleClientOpenAM OAuth 2.0 Auth ModuleAuthorization ServerAuthorization ServerResource ServerProtected with OpenAM Policy AgentResource ServerProtected with OpenAM Policy Agent1Redirect...2...to OpenAM OAuth 2.0 authorization server3Authenticate, and confirm authorization grant4Redirect...5...with authorization code to redirect_uri6Authenticate, request access token withauthorization code, redirect_uri7If authorization code is valid, return access token8Request user profile information with access token9If configured, map user to local identity10Redirect...11...with SSO token to protected resource12If authorized by OpenAM (not shown), return protected resource