OAuth2 Deep Dive

Eileen Pangu
11 min read · Dec 21, 2020

There are quite a few OAuth2 intro blog posts out there. While they serve as great resources for getting a high-level background, they (purposely) miss the depth that serious OAuth2 learners may be looking for. On the other hand, OAuth2's formal RFC specs are freely available, but people tend to get impatient with 100+ pages of reading. So I want to provide a middle ground here. In this blog post, I'll go through every bit of detail of the authorization code flow in OAuth2, step by step, field by field, and especially the rationale behind their designs. There are other alternative flows, such as the implicit flow and the client credentials flow…
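As an added illustration of the authorization code flow the post walks through (this is example code written for this page, not code from the original post), here is the client side of the exchange: building the authorization request, validating the redirect that carries the code, and assembling the token request. The fields are the standard ones from RFC 6749 (`response_type`, `client_id`, `redirect_uri`, `scope`, `state`, `code`, `grant_type`); the PKCE `code_challenge`/`code_verifier` pair from RFC 7636 is an addition the post's teaser does not mention. The `https://auth.example.com/authorize` endpoint, the client ID, the redirect URI and the redirect URL fed to `handle_redirect` are constructed placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical authorization server endpoint (placeholder, not from the post).
AUTHORIZE_URL = "https://auth.example.com/authorize"


def pkce_challenge(verifier: str) -> str:
    """S256 challenge from RFC 7636: base64url(sha256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorization_request(client_id: str, redirect_uri: str, scope: str):
    """Step 1: the client sends the user to the authorization endpoint.

    Returns the URL and the per-session secrets the client must keep
    (server-side, bound to the user's session) until the redirect comes back.
    """
    # Unguessable 'state' binds the redirect to this session (CSRF protection).
    state = secrets.token_urlsafe(32)
    # PKCE verifier: kept secret; only its hash goes in the request.
    code_verifier = secrets.token_urlsafe(64)
    params = {
        "response_type": "code",            # ask for an authorization code
        "client_id": client_id,
        "redirect_uri": redirect_uri,       # must match the registered URI exactly
        "scope": scope,
        "state": state,
        "code_challenge": pkce_challenge(code_verifier),
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_URL + "?" + urlencode(params), {
        "state": state,
        "code_verifier": code_verifier,
    }


def parse_query(url: str) -> dict:
    """Flatten the query string of a URL into a {name: value} dict."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def handle_redirect(redirect_url: str, session: dict) -> str:
    """Step 2: the authorization server redirects the user back with a code.

    Validates the response before the code is trusted; raises ValueError on
    any failure so the caller never proceeds with a bad redirect.
    """
    qs = parse_query(redirect_url)
    if "error" in qs:
        # Error response (RFC 6749 section 4.1.2.1); surface it, do not retry blindly.
        raise ValueError(f"authorization error: {qs['error']}")
    state = qs.get("state")
    # Constant-time comparison; a missing or mismatched state means the
    # redirect was not initiated by this session (possible CSRF / code injection).
    if state is None or not secrets.compare_digest(state, session["state"]):
        raise ValueError("state mismatch: redirect not bound to this session")
    code = qs.get("code")
    if not code:
        raise ValueError("redirect carries no authorization code")
    return code


def build_token_request(code: str, client_id: str, redirect_uri: str, session: dict) -> dict:
    """Step 3: form body the client POSTs to the token endpoint.

    Confidential clients would additionally authenticate (e.g. HTTP Basic with
    the client secret); public clients rely on the PKCE verifier instead.
    """
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,       # must equal the one used in step 1
        "client_id": client_id,
        "code_verifier": session["code_verifier"],
    }


if __name__ == "__main__":
    url, sess = build_authorization_request("client-123", "https://app.example.com/cb", "read")
    print("send user to:", url)
    # Constructed redirect, as the authorization server would issue it.
    back = f"https://app.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA&state={sess['state']}"
    code = handle_redirect(back, sess)
    print("token request body:", build_token_request(code, "client-123", "https://app.example.com/cb", sess))
```

The `state` check is the one step clients most often skip; without it, an attacker can deliver their own authorization code to the victim's browser and have it bound to the victim's session. The authorization server, not this code, is responsible for checking that `redirect_uri` matches the registered value and that `code_verifier` hashes to the earlier `code_challenge`.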


Eileen Pangu

Manager and Tech Lead @ FANG. Enthusiastic tech generalist. Enjoy distilling wisdom from experiences. Believe that learning is a lifelong journey.