OAuth 2.0 serves as an authorization protocol facilitating applications to acquire restricted access to user accounts on various HTTP services, including popular platforms like Google, Facebook, Dropbox, or even your proprietary application. With OAuth 2.0, your application can interact with Google APIs securely, without requiring users to disclose their login credentials.

However, navigating OAuth can often be confusing.

What exactly are Access Tokens, Refresh Tokens, and ID Tokens?

How do we create them?

What roles do they play?

And what about Scopes and Redirect URIs?

Fear not, as we're here to unravel these mysteries and more.

In this session, we'll leverage Google's OAuth server for practical demonstrations. We'll initiate by creating a new project on Google, followed by configuring application credentials necessary for authorization requests. Then, we'll delve into the OAuth2 dance, guiding you through the steps to acquire tokens from the server.

To ensure accessibility, we'll conduct all operations using familiar tools like Postman or curl alongside a web browser, keeping things as straightforward as possible.