Chapter 2. A Bird's Eye View of OAuth 2.0

In the previous chapter, we talked about what OAuth 2.0 is and its importance in today's technology industry. We established that the protocol is used to effectively exchange information and resources between parties to serve a multitude of purposes (remember federated identity and delegated authority?). But how does it actually achieve these things? This is what we will explore next.

In this chapter, we will take a look at how OAuth 2.0 works at a high level. We will use this knowledge to explore and understand the various ways in which it is used, from websites to mobile devices to desktop applications, and how its use differs in each.

How does it work?

Let's revisit our example scenario. You have just signed ...

Get Mastering OAuth 2.0 now with the O’Reilly learning platform.