During this flow, the third-party application accesses information from the Todo API, providing the required authentication and authorization details to the OAuth Server. Here are the steps involved:

• Third-party application provides its client credentials and user authorization grants to the authorization server, in order to get access to the Todo API.
• If the authentication is successful, the authorization server responds with an access token. Otherwise, the Authorization Grant Flow would start again.
• Third-party application calls the Todo API (the resource server) that is providing the access token. If the access token is valid, the resource server returns the details of the resource. Otherwise, it receives an error.