Understanding OAuth2 

OAuth2 is an authorization framework that lets an application obtain limited access to a user's account on an HTTP service, without that application ever handling the user's account password for the service directly. The parties involved in an OAuth2 authorization are as follows:

  • Resource: The protected artifact held by the Resource Server
  • Resource Owner: The owner of the resource being requested
  • Resource Server: The server that hosts the resource being requested
  • Authorization Server: The server responsible for authorizing the request and issuing the access token
  • Client: The application that is trying to access a resource

Let's look at the orchestration flow between these parties in the following flow diagram:

From the preceding diagram, we infer the following:

  1. The flow starts when the User tries to access a resource through an OAuth2 client, such as the Angular application in our case.
  2. The OAuth2 client sends a POST /oauth/token request to the Authorization Server carrying the grant_type and the credentials.
  3. The Authorization Server validates the grant_type and credentials, generates an Access_token, and returns it to the OAuth2 client.
  4. With the Access_token in hand, the OAuth2 client calls the protected resource endpoint on the Resource Server, sending the token in a request header.
  5. Finally, the Resource Server returns the response from the protected resource endpoint.
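The five steps above played end to end, as an added example that is not part of the original page: a minimal Python model of the OAuth2 client, Authorization Server and Resource Server exchanging messages in process. It assumes the resource owner password credentials grant (grant_type=password, matching the credentials posted in step 2), an opaque random token kept in server-side state, and constructed client, user and resource registrations; none of these identifiers come from the page.

```python
import hmac
import secrets
import time

# Constructed sample registrations (not from the original page).
CLIENTS = {"angular-app": "client-secret-123"}                   # client_id -> client_secret
USERS = {"alice": "correct horse battery staple"}                 # resource owners
RESOURCES = {"/api/profile": ("alice", "Alice's profile data")}  # path -> (owner, data)
TOKENS = {}  # authorization server state: access_token -> {"sub": ..., "exp": ...}

def _eq(a, b):  # constant-time comparison for secrets
    return hmac.compare_digest(a.encode(), b.encode())

def token_endpoint(form, client_auth, ttl=3600):
    """Authorization Server, step 3: POST /oauth/token -> (http_status, json_body)."""
    client_id, client_secret = client_auth
    if not _eq(CLIENTS.get(client_id, ""), client_secret):
        return 401, {"error": "invalid_client"}
    if form.get("grant_type") != "password":
        return 400, {"error": "unsupported_grant_type"}
    if not _eq(USERS.get(form.get("username", ""), ""), form.get("password", "")):
        return 400, {"error": "invalid_grant"}
    token = secrets.token_urlsafe(32)  # opaque: random bytes, meaningless to the client
    TOKENS[token] = {"sub": form["username"], "exp": time.time() + ttl}
    return 200, {"access_token": token, "token_type": "Bearer", "expires_in": ttl}

def introspect(token):
    """Authorization Server lookup used by the Resource Server; None if unknown/expired."""
    rec = TOKENS.get(token)
    return rec if rec and rec["exp"] > time.time() else None

def resource_get(path, headers):
    """Resource Server, steps 4-5: require a valid Bearer token, then serve the resource."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    rec = introspect(token) if scheme == "Bearer" else None
    if rec is None:
        return 401, {"error": "invalid_token"}
    owner, data = RESOURCES.get(path, (None, None))
    if owner != rec["sub"]:  # token is valid but does not cover this owner's resource
        return 403, {"error": "insufficient_scope"}
    return 200, data

def client_flow(username, password):
    """OAuth2 client, steps 1, 2 and 4: get a token, then call the protected endpoint."""
    form = {"grant_type": "password", "username": username, "password": password}
    status, body = token_endpoint(form, ("angular-app", CLIENTS["angular-app"]))
    if status != 200:
        return status, body  # surface the authorization server's error to the caller
    return resource_get("/api/profile", {"Authorization": f"Bearer {body['access_token']}"})
```

The Resource Server never sees the user's password: it only checks the token against the Authorization Server's state, which is what lets a token be expired or revoked independently of the credentials used to obtain it.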