Roles in OAuth 2.0

There are 4 parties typically involved in an OAuth 2.0 authentication and authorization exchange. Such exchanges are often called authorization flows or auth flows.

  • Resource Owner: The resource owner in this auth flow is typically the Seller Admin, who owns the protected resource that your client app accesses on their behalf. The Seller Admin can grant or deny your client app access to the resources they own.
  • Client Application: An application or service that makes protected resource requests on behalf of the resource owner. The client application requests access to resources stored on the resource server and obtains authorization from the resource owner. It is also referred to as the OAuth client.
  • Authorization Server (Tiki Marketplace identity platform): The Tiki identity platform itself is the authorization server. It securely handles the seller’s information, their access, and the trust relationships between the parties in the auth flow. The authorization server issues the security tokens your client app and APIs use for granting, denying, or revoking access to resources.
  • Protected Resource (Resource Server): The protected resources that your client app wants to access are hosted or provided by resource servers. The resource server relies on the authorization server to perform authentication and uses information in bearer tokens issued by the authorization server to grant or deny access to resources.