Resource Owner in OAuth 2.0

Resource owners are central elements in the OAuth 2.0 concept. Usually resource owner are users who play a certain role in the respective business scenario, for example salespersons. They make resources (see Resource) available for other users by delegating their scopes to OAuth 2.0 enables client applications. These applications use an OAuth 2.0 client to access the resources on behalf of the resource owners.

Depending on the grant type used, the resource owners can further restrict the number of scopes for certain client during the access token request. They can freely decide which applications can access which business resources by assigning them to the business resources.

A resource owner is allowed to delegate OAuth 2.0 scopes. They contain exactly the set of resources a specific application can assess with an OAuth 2.0 client.

From a technical point of view, a resource owner is a user of the type Dialog in an AS ABAP. This user has a specific role (assigned in transaction SU01) that has been designed for OAuth 2.0. In the role for OAuth 2.0, you can determine the OAuth 2.0 client and the respective scope. The resource owner is allowed to delegate his resource to the scope.

If you enter a specific client ID, only this client can access the resource. If the value * is set in OAuth 2.0 Client ID, any client can access the respective resource.

For more information, see the following topics:

• OAuth 2.0 Scopes

• Setting Up an OAuth 2.0 Client

• Business Example for Accessing Resources with OAuth 2.0