Part 1. First steps

In this section, you’ll get a thorough overview of the OAuth 2.0 protocol, how it works, and why it works the way that it does. We’ll start with an overview of what OAuth is and how people used to solve the delegation problem before OAuth was invented. We’ll also take a look at the boundaries of what OAuth is not and how it fits into the larger web security ecosystem. We’ll then take a deep look at the authorization code grant type, the most canonical and complete grant type available in OAuth 2.0 today. These topics will provide a solid basis for understanding the rest of the book.