Chapter 8. Tools and Libraries
Although OAuth 2.0 is relatively young, there are still a variety of tools and libraries available for developers to make using it easier.
Google’s OAuth 2.0 Playground
Google has built a new version of its OAuth Playground tool for OAuth 2.0 (see Figure 8-1). The OAuth 2.0 Playground demonstrates the three-step process for a typical server-side web application Authorization Code flow: getting an authorization code, exchanging it for an access token, and making API requests. It also supports the Implicit flow for client-side web applications.
While the default configuration is to use Google’s APIs and OAuth endpoints, the tool does enable you to specify a custom client ID, client secret, and custom endpoints. Salesforce has blogged about how to use the tool with their APIs.
Figure 8-1. Google’s OAuth Playground
Note
This tool is made available by Google for educational and testing purposes. While it exposes the OAuth access token to the web browser (and resource owner), this should not normally be done when using the Authorization Code flow and confidential clients. Also, specifying custom client ID and client secret values requires those credentials be sent to the OAuth Playground server.
Get Getting Started with OAuth 2.0 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
