Web applications (Resource Server) validate an access token before allowing a client application to access resources
Access Gateway validates the Access token on behalf of web applications
Access Gateway injects the Access token on behalf of web applications