Summary
In this chapter, we took a detailed look at the protocol for the implicit grant flow, noting the required and optional properties in both the request and the response. We put this knowledge to use and implemented a real OAuth 2.0 flow using the implicit grant flow from an untrusted client that we created. After all that, we ended up with a valid Facebook access token. The next step is to use this access token to make a request to Facebook to get the profile and feed data for us to use. We will cover this in Chapter 7, Use Your Access Token. Before we do that, we will first look at the same process of requesting an access token using the slightly more complex, but more secure, authorization code grant flow for server-side applications.