Implementing OAuth authentication

As we did for Basic Auth, we are going to build a server-side implementation of the OAuth2 protocol. As the Backbone App and Server App are both built by us, the best grant type to choose is Resource Owner Password Credentials Grant.

Unlike Basic Auth, OAuth2 requires an additional endpoint that issues access and refresh tokens. As described in RFC 6749, requests made to this endpoint should include the following:

The client makes a request to the token endpoint by adding the following parameters using the "application/x-www-form-urlencoded" format:

grant_type: REQUIRED. Value MUST be set to "password".

username: REQUIRED. The resource owner username.

password: REQUIRED. The resource owner password. ...
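The checks a token endpoint has to make on such a request can be sketched as follows. This is an added example, not code from the book: the names `handleTokenRequest`, `single` and `fail`, the sample user `alice` and the one-hour token lifetime are assumptions made for illustration, while the error codes and the `Cache-Control: no-store` response header come from RFC 6749.

```javascript
// Added example (not the book's code): token endpoint checks from RFC 6749 section 4.3.2.
const crypto = require('node:crypto');

// Constructed sample user store: keeps a salted scrypt hash, never the password itself.
const salt = crypto.randomBytes(16);
const USERS = new Map([['alice', { salt, hash: crypto.scryptSync('s3cret-sample', salt, 32) }]]);

const fail = (error) => ({ status: 400, body: { error } });

// Returns the parameter value only if it appears exactly once and is non-empty.
function single(params, name) {
  const values = params.getAll(name);
  return values.length === 1 && values[0] !== '' ? values[0] : null;
}

// contentType and rawBody come from the HTTP request; returns { status, body }, plus headers on success.
function handleTokenRequest(contentType, rawBody) {
  if (!/^application\/x-www-form-urlencoded\s*(;|$)/i.test(contentType || '')) {
    return fail('invalid_request');
  }
  const params = new URLSearchParams(rawBody);
  const grantType = single(params, 'grant_type');
  if (grantType === null) return fail('invalid_request');
  if (grantType !== 'password') return fail('unsupported_grant_type');

  const username = single(params, 'username');
  const password = single(params, 'password');
  if (username === null || password === null) return fail('invalid_request');

  const user = USERS.get(username);
  // Hash even for unknown users so response time does not reveal which names exist.
  const candidate = crypto.scryptSync(password, user ? user.salt : salt, 32);
  const ok = user !== undefined && crypto.timingSafeEqual(candidate, user.hash);
  if (!ok) return fail('invalid_grant');

  // A real server would also persist these tokens (ideally hashed) with their expiry.
  return {
    status: 200,
    headers: { 'Cache-Control': 'no-store', Pragma: 'no-cache' },
    body: {
      access_token: crypto.randomBytes(32).toString('hex'),
      token_type: 'Bearer',
      expires_in: 3600,
      refresh_token: crypto.randomBytes(32).toString('hex'),
    },
  };
}
```

Wrong passwords and unknown usernames both yield `invalid_grant`, so the response does not tell a caller which usernames are registered.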
