In the OAuth 2.0 Authorization Framework described in Request for Comments (RFC) 6749 (“OAuth 2.0”), a client requests access to resources that are controlled by a resource owner and hosted by a resource server, and is issued a different set of credentials to access the protected resources than those of the resource owner. Specifically, the client obtains an authorization grant from the resource owner, authenticates with an authorization server, and presents the authorization grant to the authorization server. The authorization server authenticates the client, validates the authorization grant, and issues an access token to the client. The client then requests the protected resource from the resource server and authenticates by presenting the access token. The resource server checks the access token, and grants the client access to the protected resource in response to a valid access token from the client.