...
- The host received metadata of the AM like OAuth 2.0 endpoints
- The host received an OAuth access token in order to verify requester access tokens in step 3 and as a representation of the user's decision to
- The AM recoived received a list of protected resources on the host it is supposed to authorize on behalf of the user.
The following sub steps are performed in order to fulfill these requirements:
- The host looks up the authorization manager metadata and learns about API endpoints and formats supported by the AM
- The host obtains OAuth client credentials and a the location of the resource registration API from the authorization manager.
- The host obtains an access token from the authorization manager by following the OAuth 2.0 web server flow.
- The host registers the authorization user's resources with the AM by using the resource registration API.
host looks up the authorization manager metadata
...