Authentication／Authorization／Delegation

authentication/authorization/delegation entities/actors:

Entity/Actor	Description
Resource Owner (RO) End-User Principal	the entity that is in control of the data exposed by the API, typically an end-user
Client Relying-Party (RP)	the mobile app, website, etc. that wants to access data on behalf of the Resource Owner
Authorization/OAuth Server/Service (AS) Identity-Provider (IdP) OpenID Provider	a combination or sometimes a separation of: Authentication Server - deals with authenticating the End-User Security Token Service (STS) or Token Endpoint - issues tokens (e.g. Access Tokens, Refresh Tokens, ID Tokens)
Resource/UserInfo Server/Provider (RS) Service-Provider (SP)	the service/application/resource: that exposes the protected resource/API and requires authentication/authorization of any principal wishing to access it agrees to trust the Identity-Provider to authenticateClient

NOTE: This 1 of many Grant Flows (above portrays Implicit Flow of OAuth & OpenID Connect)

／var／log marcus chiu