oauth-2.0

Understanding Client in OAuth2


I am having some difficulty understanding OAuth and some of its terms, specifically the idea of the Client. I am wondering if I might be misunderstanding RFC 6749 as it relates to a Client.

I have an API that I would like to access via a Javascript web application (HTML and jQuery). The Javascript application will use jQuery to make AJAX calls to the API. Depending on the username/password submitted by the user of the Javascript application, different APIs will be available.

In this context, is my Javascript application considered the Client by OAuth? I am confused because other documentation I have read refers to the Client as the third-party application, yet in my case this is not a third-party application. I am not making use of third-party logins (such as Google, Facebook, or Twitter). Does the Client that OAuth refers to only apply to third-party logins?


Solution

  • The client is your Javascript application. "Third-party application" or "relying party" also designate your client. To be more clear, a client is an application that will interact with the authorization server or the resource server.

    The flow you described is the Resource Owner Password Credentials Grant. However, if your client and the authorization server do not have a trust relationship, I recommend that you use the Authorization Code Grant, which is designed for scripting applications.

    Edit 2025-04-14: the Implicit Grant is deprecated in favor of the Authorization Code Grant