In the OAuth 2.0 Authorization Framework described in Request for Comments (RFC) 6749 (“OAuth 2.0”), a client requests access to resources that are controlled by a resource owner and hosted by a resource server, and is issued a different set of credentials to access the protected resources than those of the resource owner. Specifically, the client obtains an authorization grant from the resource owner, authenticates with an authorization server, and presents the authorization grant to the authorization server. The authorization server authenticates the client, validates the authorization grant, and issues an access token to the client. The client then requests the protected resource from the resource server and authenticates by presenting the access token. The resource server checks the access token, and grants the client access to the protected resource in response to receiving a valid access token from the client.
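The exchange described above can be traced in a short in-memory model. This is an added example, not code from RFC 6749 or from the original page, and it also shows that a second client holding no grant of its own is refused a token. The class and method names, the client identifiers and secrets, and the `check` validation hook are assumptions made for illustration; RFC 6749 leaves the way a resource server validates a token out of scope.

```python
import secrets
import time

class AuthorizationServer:
    def __init__(self, clients):
        self.clients = clients   # client_id -> client_secret (constructed sample data)
        self.grants = {}         # authorization code -> (client_id, scope)
        self.tokens = {}         # access token -> (scope, expiry time)

    def issue_grant(self, client_id, scope):
        code = secrets.token_urlsafe(16)             # issued after the owner approves
        self.grants[code] = (client_id, scope)
        return code

    def token(self, client_id, client_secret, code, ttl=3600):
        expected = self.clients.get(client_id)       # authenticate the client first
        if expected is None or not secrets.compare_digest(expected, client_secret):
            return {"error": "invalid_client"}
        grant = self.grants.get(code)
        if grant is None or grant[0] != client_id:   # unknown, used, or another client's
            return {"error": "invalid_grant"}
        del self.grants[code]                        # a grant is redeemable once
        tok = secrets.token_urlsafe(32)
        self.tokens[tok] = (grant[1], time.time() + ttl)
        return {"access_token": tok, "token_type": "Bearer", "expires_in": ttl}

    def check(self, tok):                            # hypothetical validation hook
        scope, expiry = self.tokens.get(tok, (None, 0))
        return scope if expiry > time.time() else None

class ResourceServer:
    def __init__(self, auth_server, resources):
        self.auth_server, self.resources = auth_server, resources

    def get(self, name, bearer, needed="read"):
        scope = self.auth_server.check(bearer)
        if scope is None:
            return 401, None                         # missing, unknown or expired token
        if needed not in scope.split():
            return 403, None                         # valid token, insufficient scope
        return 200, self.resources[name]

def run_flow():
    az = AuthorizationServer({"client-a": "secret-a", "client-b": "secret-b"})
    rs = ResourceServer(az, {"photo": b"owner-data"})
    code = az.issue_grant("client-a", "read")
    other = az.token("client-b", "secret-b", code)   # second client, no grant of its own
    issued = az.token("client-a", "secret-a", code)
    replay = az.token("client-a", "secret-a", code)
    return other, issued, replay, rs.get("photo", issued["access_token"]), rs.get("photo", "bogus")
```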
Previous approaches to granting access to protected resources based on access tokens have exhibited shortcomings. For example, it is not uncommon that multiple friendly trusted users (i.e., users that have a relationship or an association) desire access to the protected resource. However, in such a scenario, each user will be required to obtain an authorization grant from the resource owner, and then to perform the steps described above, before an access token will be issued by the authorization server. This is despite the fact that one of the users may already have a valid access token. This is undesirable.
There is, therefore, a need for further approaches regarding the granting and/or issuing of access tokens.