The identity company/authorization server validates the access token. If successful the ask for for shielded sources is granted, along with a response is sent back to the customer application.
Identity and access https://joanduqj872314.activoblog.com/28347262/the-5-second-trick-for-identity-and-access-management
