OAuth2 in 8 Steps

Tip

The code in this tutorial is now out-of-date, however the fundamental concepts of OAuth that we teach are still 100% valid.

OAuth2: that mystical beast that you kind of understand and occasionally wrestle to integrate with some social media site.

Time to master OAuth2... and why not do it by building a real app with farmers, chickens and real-life providers like Facebook and Google Plus. We'll show you how OAuth really works while looking at how OAuth will feel by using SDK's and other tools that give you shortcuts.

And like always, we'll go directly at the ugly details, like token expiration and having a user deny access to your application. Here's what you'll be learning:

• 3 main OAuth grant types: client credentials, authorization code and implicit;
• The exact flow behind getting your application authorized, exchanging an authorization code for a token, and using the token;
• Authentication (single sign-on) using OAuth;
• Handling expired tokens;
• Using refresh tokens;
• Integrating and authentication with Facebook;
• OAuth integration with Google+;
• What to look out for with security and how you can tighten things.

• Serious OAuth in 8 Steps
• Client Credentials
• Authorization Code Grant Type
• Authorization Code: Saving the Token & Handling Failures
• User Login with OAuth
• OAuth with Facebook
• Facebook: Using the API, Logging in and Failure
• Implicit Grant Type with Google+
• Finishing the Login Callback
• Using Refresh Tokens
• Security