- Registering an OAuth client with an authorization server and configuring the client to talk to the authorization server
- Requesting authorization from a resource owner using the authorization code grant type
- Trading the authorization code for a token
- Using the access token as a bearer token with a protected resource
- Refreshing an access token

As we saw in the last chapter, the OAuth protocol is all about getting tokens to the client and letting the client use the access tokens to access protected resources on behalf of the resource owner. In this chapter, we’ll build a simple OAuth client, use the authorization code grant type to get a bearer access token from an authorization server, and use that token with a protected resource.
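
The steps listed above, sketched as the requests a client has to construct. This is an added example, not code from the book; the client credentials, endpoint URLs, scope, and function names are all constructed placeholders, and nothing here touches the network.

```javascript
const { randomBytes } = require('node:crypto');

// Constructed sample data standing in for what client registration produces.
const client = {
  client_id: 'example-client-1', client_secret: 'example-secret-1',
  redirect_uri: 'http://localhost:9000/callback', scope: 'read',
};
const authServer = {
  authorizationEndpoint: 'http://localhost:9001/authorize',
  tokenEndpoint: 'http://localhost:9001/token',
};

// Request authorization: URL the resource owner's browser is redirected to.
function buildAuthorizationUrl(state = randomBytes(16).toString('hex')) {
  const url = new URL(authServer.authorizationEndpoint);
  url.search = new URLSearchParams({
    response_type: 'code', client_id: client.client_id,
    redirect_uri: client.redirect_uri, scope: client.scope, state,
  }).toString();
  return { url: url.toString(), state }; // keep state in the user's session
}

// Callback: reject errors and any state value this client did not issue.
function parseCallback(callbackUrl, expectedState) {
  const q = new URL(callbackUrl).searchParams;
  if (q.has('error')) throw new Error(`authorization failed: ${q.get('error')}`);
  if (q.get('state') !== expectedState) throw new Error('state mismatch');
  if (!q.get('code')) throw new Error('missing authorization code');
  return q.get('code');
}

// Token endpoint request, shared by the code exchange and the refresh.
// The client authenticates with HTTP Basic over URL-encoded credentials.
function buildTokenRequest(grant) {
  const basic = Buffer.from(`${encodeURIComponent(client.client_id)}:` +
    `${encodeURIComponent(client.client_secret)}`).toString('base64');
  return {
    url: authServer.tokenEndpoint, method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded', Authorization: `Basic ${basic}` },
    body: new URLSearchParams(grant).toString(),
  };
}
const codeGrant = (code) => buildTokenRequest(
  { grant_type: 'authorization_code', code, redirect_uri: client.redirect_uri });
const refreshGrant = (refreshToken) => buildTokenRequest(
  { grant_type: 'refresh_token', refresh_token: refreshToken });

// Protected resource call: the access token travels as a bearer token.
const bearerHeader = (accessToken) => ({ Authorization: `Bearer ${accessToken}` });
```

The state check in `parseCallback` is what ties a callback to an authorization request this client actually started; a callback that fails it should never reach the token exchange.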