A closer look at the implicit grant flow
Our application wants to view the profile and feed data of the user who is using the application. In order to do this, WMIIG must first get authorization from the user. The OAuth 2.0 specification outlines a very rigid, but straightforward, way in which this transaction must occur. In short, WMIIG must send the user to the service provider's authorization endpoint, passing along with it various properties describing the request, including the redirection endpoint and desired scopes. Here, the user is presented with the option of accepting or denying the request. As mentioned in Chapter 2, A Bird's Eye View of OAuth 2.0, this is known as user consent and is represented by steps 1 to 3 in the previous workflow. Once the user either accepts or denies, the response is sent back to WMIIG via the redirection endpoint. If the user accepts, the response will contain an access token. Otherwise, an appropriate error message will be returned instead...
