The OAuth Mediator supports 2 forms of OAuth. It bypasses the RESTFull requests and authenticates users against WSO2 Identity Server.
When a client tries to invoke a RESTful service, it may be required to verify the credentials of the client. This can be achieved by registering an OAuth application in the WSO2 Identity Server. When the client sends a REST call with the Authorization header to the ESB, the OAuth mediator validates it with the Identity server and proceeds.
See 2-legged OAuth for Securing a RESTful Service for detailed instructions to carry out this process.
OAuth Server - Server URL of the WSO2 Identity Server.