Summary

We accomplished a lot in this chapter. We explored the authorization code grant flow, noting how it differs from the implicit grant flow, which we demonstrated in the previous chapter. During this detailed exploration of the protocol, we discussed the traits of the flow that make it more secure and, as a result, the preferred authorization flow for OAuth 2.0 clients. We also saw that some service providers do not necessarily abide by the final version of the OAuth 2.0 specification. To remedy this, we explored some alternative methods for gaining authorization and fetching tokens that were supported in previous versions of the specification. It all culminated when we created a simple Java application to request an access token from Facebook for our sample ...
