Part 2: Building an OAuth Application and API

 

This session includes a deep dive on the Authorisation Code flow with PKCE, as well as refresh tokens and how to use OpenID Connect to learn the user's name and email address. We'll demonstrate building a simple OAuth client application to get an access token and log the user in. We’ll also build a functioning API that validates access tokens and returns private data. We’ll conclude with a discussion of the various options for access token lifetimes and different ways to validate access tokens, talking about the tradeoffs of each.
