Developing Applications Using Cisco Core Platforms and APIs (DEVCOR) — Question 94

In the three-legged OAuth2 authorization workflow, which entity grants access to a protected resource?

Answer options

• A. resource owner
• B. client
• C. resource server
• D. authorization server

Correct answer: A

Explanation

The resource owner is the individual or entity that has the authority to grant access to their protected resources, making option A the correct answer. The client is the application requesting access, the resource server hosts the protected resources, and the authorization server issues tokens, but none of these can grant access without the resource owner's consent.