Summary

In this chapter, we took a deeper look at the inner workings of the OAuth 2.0 protocol in order to see how the concepts of federated identity and delegated authority are achieved. We introduced user consent and gave an example of where you may have already seen such a process. We also discussed the concept of trust and how it relates to client applications and the workflows they use. In particular, we explored the client-side flow for untrusted clients and the server-side flow for trusted clients. This all culminates in the ability to determine the trust level for a client application, and subsequently, the ability to choose an appropriate workflow for the application to enable the exchange of information in as secure a manner as possible. ...
