In this chapter, we concluded our discussion of the OAuth 2.0 protocol by looking at the various ways it can be extended and customized to meet the needs of almost any situation. With such extensibility, the protocol gains flexibility and robustness, allowing it to be used in a multitude of scenarios. You will typically see it in a consumer setting offered to third-party developers, such as yourselves, by service providers such as Facebook, Google, and Instagram. In addition to exploring the ways that OAuth 2.0 can be extended, we took a dedicated look at a particular extension in OpenID Connect. We examined a basic OpenID Connect flow to gain profile information about the user, and demonstrated that it is actually very similar to the ...