Client can be IssuerResource OwnerUser-AgentResource OwnerUser-AgentClientClientIssuerIssuerAuthorization ServerAuthorization ServerResource ServerResource Server1Redirect....2...for authentication.3If credentials are valid, redirect...4...with signed bearer JWT toClient5Request access tokenwith JWT6Validate JWT7Response with access token8Request resource with access token9Request token validation and information10If access token is valid, respond with information11If access token is valid, return protected resource