Step 2 – Get your access token
After you have registered your application, you are ready to fetch an access token. As we determined in Chapter 2, A Bird's Eye View of OAuth 2.0, the capabilities of your application affect the workflow that you use in this step. Your application could either be trusted, in which case it would use the authorization code grant flow. Or, it could be untrusted, and it would use the implicit grant flow. You could also use any of the other supported workflows described by the specification. This step would then look like this:
The successful completion of a grant flow would result in the acquisition of an access token. This access token can then be used to access a given protected resource. But before we describe how to use an access token, let's first look at what an access token really is.
A closer look at access tokens
Earlier in the book, we made the analogy of access tokens being like physical keys. This is an appropriate analogy in many ways. For instance, keys...
