This has led many developers and API providers to incorrectly conclude that OAuth is itself of the identity API, thereby finding out who authorized the client in the first place. However, that's not the only way to get an access token in OAuth..