- Login - it could be:
- A simple login page which accept username and password and verify them against the credential database
- Enterprise Single Sign-On (SSO) which verify credential against Active Directory
- Consent Server - which get the consent of resource owner to provide access to the client for the listed resources
- Token database - a technical database storing token values and attributes
Both login and consent happen in the Authorization Endpoint.