OAuth 2.1 & OpenID Connect, Explained for Builders
A practical guide to OAuth 2.1 and OpenID Connect for real apps: authorization code + PKCE, refresh tokens, ID tokens, and machine-to-machine flows without the usual auth confusion.
devauthoauth
Posts tagged “oauth”
Tiny explainers grouped by topic. Spend less time Googling, more time building.
The OAuth2 Flow, Decoded — roles, tokens, and the PKCE dance
A simple, diagram-first walkthrough of OAuth 2’s Authorization Code + PKCE flow—who does what (client, resource owner, authorization server, resource server), how the redirects work, and where tokens live.
devsecurityoauth
Authentication vs. Authorization — what’s the difference and how they fit together
A clear, practical comparison: authN proves who you are; authZ decides what you can do. Learn identities, sessions/tokens (OIDC/OAuth2), roles/scopes/permissions, and common pitfalls.
devsecurityauth