Requesting Party(RqP)Requesting Party(RqP)Client(On Behalf of Requesting Party)Client(On Behalf of Requesting Party)AMAuthorization Server (AS)AMAuthorization Server (AS)Resource Server(RS)Resource Server(RS)1)RqP wants access to a resource,uses client to...2)Request access with existing token3)Introspects token4)If not authorized for resource, creates a new permission ticket. Returns 401Unauthorized Response with new permission ticket and authZ Server location.5)Token request with ticket & claim token6)Return with rotated ticket and redirect7)Authorization request with ticket8)Authorization response with requesting party token (RPT)9)Resource access request with token (RPT)10)Introspect RPT11)Access protected resource