The Authorization Server is hosted in a . It is used for generating access tokens that are required for accessing REST APIs hosted by the HTTP/2 Server agent when the OAuth 2.0 Authentication feature is enabled in the HTTP/2 Server agent. Client applications that wish to obtain access token from the Authorization Server must first be registered via the Authorization Server's Management API. Refer to Management API for information on the registration process.
Once the client application has been registered, it can request for access token from the Authorization Server using the client id and secret that are by provided by the Authorization Server during the registration process. Each access token has an expiry time (in seconds) and can only be used within a limited period of time. Upon expiry, the client application will need to request for another token from the Authorization Server.
After obtaining the access token, the client application needs to include it in the HTTP Authorization header fields of the REST API Call request to the HTTP/2 Server agent. If the OAuth 2.0 Authentication feature is enabled in the HTTP/2 Server agent, then it will check the validity of the access token to ensure that it is a JSON Web Token (JWT) and in the format as generated by the Authorization Server and has not expired. Finally, the REST API Response will be generated based on the business logic implemented in the workflow that contains the HTTP/2 Server agent.
...
HTTP/2 Server and Authorization Server architecture