Summary

In this chapter, we took a deeper look at the inner workings of the OAuth 2.0 protocol in order to see how the concepts of federated identity and delegated authority are achieved. We introduced user consent and gave an example of where you may have already seen such a process. We also discussed the concept of trust and how it relates to client applications and the workflows they use. In particular, we explored the client-side flow for untrusted clients and the server-side flow for trusted clients. This all culminates in the ability to determine the trust level for a client application, and subsequently, the ability to choose an appropriate workflow for the application to enable the exchange of information in as secure a manner as possible.

In the next chapter, we will look at the overall workflow from a developer's perspective. There are really only four simple steps to explore. This will give us a straightforward template that we can use when we start creating our own application, The World's Most Interesting Infographic Generator, in Chapter 4, Register Your Application.