0
0
HLDsystem_design~12 mins

OAuth 2.0 flow in HLD - Architecture Diagram

Choose your learning style9 modes available
LearnWhyDeepArchPracticeChallengeDesignRecallScale
System Overview - OAuth 2.0 flow

OAuth 2.0 is a protocol that allows users to grant limited access to their resources on one site to another site, without sharing their credentials. It is commonly used for secure delegated access, such as logging into a third-party app using a social media account.

The key requirements are secure authorization, token issuance, and controlled resource access.

Architecture Diagram
User
  |
  v
Client Application
  |
  v
Authorization Server <--> Resource Owner
  |
  v
Resource Server
Components
User
user
Person who wants to access resources or authorize access
Authorization Server
authorization_server
Authenticates user and issues access tokens
Client Application
client
Requests authorization and uses access tokens to access resources
Resource Server
resource_server
Hosts protected resources and validates access tokens
Resource Owner
resource_owner
Entity owning the protected resources (usually the user)
Request Flow - 8 Hops
UserClient Application
Client ApplicationAuthorization Server
UserAuthorization Server
Authorization ServerClient Application
Client ApplicationAuthorization Server
Authorization ServerClient Application
Client ApplicationResource Server
Resource ServerClient Application
Failure Scenario
Component Fails:Authorization Server
Impact:Users cannot authenticate or obtain tokens, so no new access is granted; existing tokens may still work until expiry
Mitigation:Use multiple authorization server instances with load balancing and failover; cache tokens at resource server to allow limited continued access
Architecture Quiz - 3 Questions
Test your understanding
Which component issues the access token in the OAuth 2.0 flow?
AAuthorization Server
BResource Server
CClient Application
DUser
Design Principle
OAuth 2.0 separates authorization from resource access by issuing tokens through a dedicated Authorization Server. This design improves security by avoiding direct credential sharing and enables scalable, delegated access control.