OAuth2 Roles

There are four roles in OAuth2:

  • Resource Owner: Normally, this is you, the user whose data is being accessed.
  • Resource Server: The server that hosts the protected data. For example, Google, GitHub, or Twitter host your personal and professional information.
  • Client: An application that asks the resource server for access to the data. The client can be a website, a desktop application, or even a mobile application.
  • Authorization Server: The server that issues an access token to the client. This token is the key to the protected information; the client presents it when it sends requests to the resource server.

Here's a diagram of the general workflow of the OAuth protocol (the exact flow isn't fixed; it depends on the type of authorization grant being used):

Here are the steps of the workflow:

  1. To access the service resources, the Application sends the Authorization Request to the User.
  2. The Application receives an Authorization Grant if the User authorizes the request.
  3. The Application sends the grant to the Authorization Server in exchange for an Access Token.
  4. If the Authorization Grant is valid and the Application is authenticated, the Authorization Server creates an Access Token.
  5. The Application receives the Access Token from the Authorization Server.
  6. The Application sends a request to the Resource Server, presenting the Access Token as its authentication.
  7. After validating the token, the Resource Server provides the requested resources to the Application.
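The seven steps above, modelled as an added example (not code from the original page) with an in-memory authorization server and resource server. The client ID `app`, secret `s3cret`, owner `alice` and scope `profile` used by the test are constructed values; the token format (HMAC-signed `owner|scope|expiry`) is an illustration, not the format any real provider uses.

```python
import hashlib, hmac, secrets, time


class AuthorizationServer:
    # Constructed in-memory model: registers one client, issues grants and signed tokens.
    def __init__(self, client_id, client_secret):
        self._clients = {client_id: client_secret}  # registered client credentials
        self._grants = {}                           # grant code -> (client_id, owner, scope)
        self._key = secrets.token_bytes(32)         # signing key for issued tokens

    def authorize(self, client_id, owner, scope):
        # Steps 1-2: the resource owner approves, so a single-use grant is issued.
        code = secrets.token_urlsafe(16)
        self._grants[code] = (client_id, owner, scope)
        return code

    def token(self, client_id, client_secret, code):
        # Steps 3-5: authenticate the client and validate the grant before issuing a token.
        if not hmac.compare_digest(self._clients.get(client_id, ""), client_secret):
            raise PermissionError("client authentication failed")
        grant = self._grants.pop(code, None)        # pop: a replayed grant code is rejected
        if grant is None or grant[0] != client_id:
            raise PermissionError("invalid authorization grant")
        _, owner, scope = grant
        payload = f"{owner}|{scope}|{int(time.time()) + 600}"  # owner/scope must not contain '|'
        tag = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()
        return f"{payload}|{tag}"

    def introspect(self, token):
        # Used by the resource server: verify signature and expiry, then return the claims.
        payload, _, tag = token.rpartition("|")
        expected = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return None
        owner, scope, exp = payload.split("|")
        if int(exp) < time.time():
            return None
        return {"owner": owner, "scope": scope}


class ResourceServer:
    # Holds protected data and serves it only against a token the authorization server accepts.
    def __init__(self, auth_server, data):
        self._auth = auth_server
        self._data = data  # owner -> {scope: value}

    def get(self, token, scope):
        # Steps 6-7: the application presents the token; serve the resource only if it is valid for the scope.
        claims = self._auth.introspect(token)
        if claims is None or claims["scope"] != scope:
            raise PermissionError("invalid token or insufficient scope")
        return self._data[claims["owner"]][scope]
```

The checks in `token` and `get` are where the roles separate in practice: the grant proves the owner consented, the client secret proves which application is asking, and the token's signature and scope are what the resource server relies on.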