- An overview of OAuth 2 and the flows was given, referring briefly to the OAuth 2 specifications
- A use case was described using OAuth 2.0 implicit flow, intended for browser scenarios
- The demo was to retrieve an OpenID Connect token and access_token
- Discussion ensued about the use cases for OpenID Connect tokens, which are not clear from the specs. Use cases in the room included improving performance by using an introspectable JWT token instead of having to call a token verification endpoint, providing identity to a resource server that will make further access decisions based on the user identity or attributes, and using the ID token as a reference to an underlying session.
- The demo used Angular 2 as an OAuth client talking to OpenAM as the authorization server.
- The Angular CLI was used to generate TypeScript template files, and a basic implementation of an Angular client in the browser was written live.
Source code for Zoltan Tarcsay's demo:
Code on GitHub: https://github.com/zoltantarcsay/oauth2app
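
The client-side checks an implicit-flow client needs when it requests an ID token and access_token together, as in the use case above. This is an added example, not code from the demo repository; the function names, the `openid` scope value and the sample token are assumptions constructed for illustration.

```typescript
// Implicit-flow client checks for response_type "id_token token" (added example).
type Claims = { nonce?: string; aud?: string | string[]; exp?: number };

// state and nonce must be fresh random values stored by the client before redirecting.
function buildAuthUrl(authorizeEndpoint: string, clientId: string, redirectUri: string,
                      state: string, nonce: string): string {
  const url = new URL(authorizeEndpoint);
  url.search = new URLSearchParams({
    response_type: "id_token token", client_id: clientId,
    redirect_uri: redirectUri, scope: "openid", state, nonce,
  }).toString();
  return url.toString();
}

// Decode the payload of a compact JWT. This does NOT verify the signature, which
// must still be checked against the authorization server's keys before trusting claims.
function decodeClaims(jwt: string): Claims {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  let b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  while (b64.length % 4) b64 += "=";
  const pct = atob(b64).split("").map((c) => "%" + ("00" + c.charCodeAt(0).toString(16)).slice(-2));
  return JSON.parse(decodeURIComponent(pct.join("")));
}

// Parse the redirect fragment; reject responses that do not match this client's request.
function handleRedirect(fragment: string, expected: { state: string; nonce: string; clientId: string },
                        nowSec: number): { accessToken: string; claims: Claims } {
  const p = new URLSearchParams(fragment.replace(/^#/, ""));
  if (p.get("error")) throw new Error("authorization error: " + p.get("error"));
  if (p.get("state") !== expected.state) throw new Error("state mismatch");
  const idToken = p.get("id_token");
  const accessToken = p.get("access_token");
  if (!idToken || !accessToken) throw new Error("missing token");
  const claims = decodeClaims(idToken);
  if (claims.nonce !== expected.nonce) throw new Error("nonce mismatch");
  const aud: (string | undefined)[] = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (aud.indexOf(expected.clientId) === -1) throw new Error("audience mismatch");
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) throw new Error("token expired");
  return { accessToken, claims };
}

// Constructed sample response with a placeholder signature, only to exercise the checks.
function sampleFragment(state: string, nonce: string, aud: string, exp: number): string {
  const enc = (o: object) =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  const jwt = enc({ alg: "RS256" }) + "." + enc({ nonce, aud, exp }) + ".placeholder-signature";
  return "#access_token=at-123&token_type=Bearer&state=" + state + "&id_token=" + jwt;
}
```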