A Domino resource provider receives an access token from an application and uses an IAM introspection request to acquire information about the access token. Before it can make an introspection request, the resource provider must first be registered with the IAM service. During the registration process, IAM creates a resource provider id and secret to be used in each instrospection request.
There are currently two kinds of Domino resource providers:
Proton is a resource provider when handling a request in which the client application is acting as a user. See Proton Act-as-User OAuth Configuration for configuration steps.
The OAuth DSAPI extension is a resource provider when handling a Domino Access Services (DAS) request that includes an access token. See OAuth DSAPI extension for OAuth DSAPI configuration steps.
Every IAM service instance should have at least one Domino resource provider configured, but you don't necessarily need to configure both types of resource providers. For example, if your IAM service instance will never be used to introspect an access token for a DAS request, there is no need to configure the OAuth DSAPI extension.