The OAuth2 protocol
OAuth2 is a widely adopted standard that secures web applications and their interactions with users and other web applications, and yet it's hard to understand because it's based on many RFCs that are quite complicated to grasp fully.
The core idea of OAuth2 is that a centralized service is in charge of authenticating a caller, and can grant some access in the form of codes or tokens; let's call them keys. Those keys can be used by users or services to access a resource, as long as the service providing that resource accepts that key.
That's what we used in Chapter 4, Designing Runnerly, to build the Strava microservice. The service interacts with the Strava API on behalf of the users after being granted access by Strava's authentication service. This grant is called an Authorization Code Grant and is the most commonly used grant. It's known as three-legged OAuth because it involves the user, the authentication service, and a third-party application. Strava generates...
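The three legs described above, as an added example that is not code from the book or from Strava's API: a toy authorization server issues a code to the authenticated user, the third-party app exchanges that code (plus its client secret) for a token, and a resource server checks the token before serving data. The names (AuthorizationServer, fetch_activities, the client id, secret and scope) are constructed for this illustration; the checks in the token leg (single-use code, binding to client and redirect URI, expiry) are the ones a defender wants in place.

```python
import secrets
import time
from dataclasses import dataclass, field

@dataclass
class AuthorizationServer:
    """Toy authorization server for the three-legged code grant (constructed)."""
    clients: dict                               # client_id -> (secret, redirect_uri)
    codes: dict = field(default_factory=dict)   # code -> (client_id, uri, user, scope, expiry)
    tokens: dict = field(default_factory=dict)  # access token -> (user, scope)
    code_ttl: int = 60

    def authorize(self, client_id, redirect_uri, user, scope, now=None):
        # Leg 1: the user authenticates here and consents; a short-lived code is
        # bound to the client and to its registered redirect URI.
        _, registered_uri = self.clients[client_id]
        if redirect_uri != registered_uri:
            raise ValueError("redirect_uri does not match registration")
        code = secrets.token_urlsafe(24)
        expiry = (now or time.time()) + self.code_ttl
        self.codes[code] = (client_id, redirect_uri, user, scope, expiry)
        return code

    def token(self, client_id, client_secret, code, redirect_uri, now=None):
        # Leg 2: the third-party app exchanges the code for a token, proving its
        # identity with the client secret. pop() makes every code single-use.
        entry = self.codes.pop(code, None)
        if entry is None:
            raise PermissionError("unknown or already used code")
        bound_client, bound_uri, user, scope, expiry = entry
        expected, _ = self.clients.get(client_id, (None, None))
        if expected is None or not secrets.compare_digest(client_secret, expected):
            raise PermissionError("client authentication failed")
        if bound_client != client_id or bound_uri != redirect_uri or (now or time.time()) > expiry:
            raise PermissionError("code issued to another client/redirect, or expired")
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = (user, scope)
        return access_token

    def introspect(self, access_token):
        # Leg 3: the resource server asks whether a presented token is valid.
        return self.tokens.get(access_token)

def fetch_activities(auth_server, access_token):
    # Resource server: only serve data when the token carries the needed scope.
    info = auth_server.introspect(access_token)
    if info is None or "activity:read" not in info[1]:
        raise PermissionError("invalid token or missing scope")
    return {"user": info[0], "activities": ["morning run"]}
```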