The OAuth 2.0 authorization framework is a protocol that allows a user to grant a third-party web site or application access to the user's protected resources, without necessarily revealing their long-term credentials or even their identity.

OAuth 2.0 introduces an authorization layer and separates the role of the client from that of the resource owner. In OAuth, the client requests access to resources controlled by the resource owner and hosted by the resource server, and is issued a different set of credentials than those of the resource owner. Instead of using the resource owner's credentials to access protected resources, the client obtains an access token: a string denoting a specific scope, lifetime, and other access attributes. Access tokens are issued to third-party clients by an authorization server with the approval of the resource owner. The client then uses the access token to access the protected resources hosted by the resource server.
Auth0 issues access tokens for API authorization scenarios in JSON Web Token (JWT) format.
An OAuth 2.0 flow has the following roles:
Resource Owner: Entity that can grant access to a protected resource. Typically, this is the end user.
Resource Server: Server hosting the protected resources. This is the API you want to access.
Client: Application requesting access to a protected resource on behalf of the Resource Owner.
Authorization Server: Server that authenticates the Resource Owner and issues access tokens after getting proper authorization. In this case, Auth0.
The authorization request carries the following parameters:
response_type: Tells the authorization server which grant to execute.
client_id: The ID of the application that asks for authorization.
redirect_uri: Holds a URL. A successful response from the authorization endpoint results in a redirect to this URL, so it must be registered with the authorization server in advance.
scope: A space-delimited list of permissions that the application requires.
state: An opaque value used for security purposes (CSRF protection). If this parameter is set in the request, it is returned unchanged to the application as a query parameter of the redirect to redirect_uri; the application must verify that the returned value matches the one it sent before accepting the response.