Developer Workshop Part 2: Building an OAuth Application and API

Wednesday, April 21, 2021

This session includes a deep dive on the Authorization Code flow with PKCE, as well as refresh tokens and how to use OpenID Connect to obtain the user's name and email address. We'll build a simple OAuth client application that obtains an access token and logs the user in, then a functioning API that validates access tokens before returning protected data. We'll conclude with a discussion of the options for access token lifetimes and the different ways to validate access tokens, including the tradeoffs of each.
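The PKCE part of the Authorization Code flow, worked through on both sides as an added example (this is not code from the workshop; the endpoint, client ID and redirect URI are hypothetical values chosen for illustration). The client derives a `code_challenge` from a random `code_verifier` and sends only the challenge in the front-channel request; when it later redeems the authorization code it reveals the verifier, and the authorization server recomputes the hash to confirm the redeemer is the party that started the flow.

```python
# Added example (not from the workshop): PKCE, RFC 7636, on both sides of the
# Authorization Code flow. Standard library only.
import base64
import hashlib
import hmac
import re
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical endpoint and client registration, chosen for the example only.
AUTHORIZATION_ENDPOINT = "https://authorization-server.example/authorize"
CLIENT_ID = "example-client"
REDIRECT_URI = "https://client.example/callback"

# code_verifier alphabet and length from RFC 7636 section 4.1.
VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 section 4.2 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(n_bytes: int = 32) -> str:
    """Client: high-entropy random string. 32 bytes encode to 43 characters,
    the RFC minimum; fewer bytes would be rejected by the server below."""
    return b64url(secrets.token_bytes(n_bytes))


def make_code_challenge(verifier: str) -> str:
    """Client: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorization_url(verifier: str, state: str) -> str:
    """Client: the front-channel request. The verifier never leaves the
    client; only its hash travels in the URL."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email",
        "state": state,
        "code_challenge": make_code_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return AUTHORIZATION_ENDPOINT + "?" + urlencode(params)


def server_verify_pkce(stored_challenge: str, presented_verifier: str) -> bool:
    """Authorization server, token endpoint: recompute the challenge from the
    verifier sent with the code and compare it with the challenge stored when
    the code was issued. A mismatch means whoever holds the code did not
    start this flow (for example, an intercepted redirect)."""
    if not VERIFIER_RE.fullmatch(presented_verifier):
        return False
    recomputed = make_code_challenge(presented_verifier)
    return hmac.compare_digest(recomputed, stored_challenge)


def client_check_state(expected_state: str, callback_url: str) -> bool:
    """Client, on the redirect back: refuse the callback unless state matches
    what this browser session generated (login CSRF protection)."""
    query = parse_qs(urlparse(callback_url).query)
    return hmac.compare_digest(expected_state, query.get("state", [""])[0])


def pkce_round_trip() -> dict:
    """Walk both sides of the exchange and return the observable results."""
    verifier = make_code_verifier()
    state = b64url(secrets.token_bytes(16))
    url = build_authorization_url(verifier, state)
    # The server records the challenge it received alongside the code it issues.
    stored_challenge = parse_qs(urlparse(url).query)["code_challenge"][0]
    return {
        "verifier_len": len(verifier),
        # The real client redeems the code and reveals its verifier.
        "genuine": server_verify_pkce(stored_challenge, verifier),
        # An attacker who captured the code but not the verifier fails.
        "attacker": server_verify_pkce(stored_challenge, make_code_verifier()),
        "state_ok": client_check_state(state, f"{REDIRECT_URI}?code=abc&state={state}"),
        "state_bad": client_check_state(state, f"{REDIRECT_URI}?code=abc&state=other"),
    }
```

The verifier is generated fresh per authorization request and kept in the client's session alongside `state`; it must not be reused across requests, and the server should bind the stored challenge to the issued code so a code from one flow cannot be redeemed with a verifier from another.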

Agenda

  • Implementing a secure OAuth client
  • (Live coding example)
  • Finding the user’s email and name
  • (Live coding example)
  • Building an API and validating access tokens
  • (Live coding example)
  • Access token lifetime and validation considerations