magicalhippo 3 hours ago
For me, it really helped to read the Microsoft pages[1] on OAuth 2.0, which have some nice illustrative flow charts, and then go back to the RFCs. That said, there are a lot of details that are non-trivial, especially since in many cases you actually have to deal with OIDC[2], which builds on OAuth 2.0, and so then you're suddenly dealing with JWKs and whatnot in addition.

[1]: https://learn.microsoft.com/en-us/entra/identity-platform/v2...