In this section, you’ll get to build an entire OAuth 2.0 ecosystem from scratch, including the client, protected resource, and authorization server. We’ll step through each of these components and see how all of the bits interact with each other during the process of implementing the authorization code grant type introduced in the previous section. With that thoroughly under our belts, we’ll tackle several optimizations and variations on the OAuth 2.0 protocol including different client types and different grant types.