Developer and Application Registration
OAuth requires that applications register with the authorization server so that API requests are able to be properly identified. While the protocol allows for registration using automated means, most API providers require manual registration via filling out a form on their developer websites.
At the time of this writing
Google requires you to register your client by visiting its APIs Console, as shown in Figure 1-2.
Microsoft Windows Live requires you to register your client using its application management site.
Facebook requires you to register your client on the Facebook Developers site.

Figure 1-2. Google’s APIs Console for OAuth app registration
As an example, the following information is required to register an OAuth client with Google via their APIs Console:
Google Account
Product Name
Product Logo (optional)
Website URL used for Redirect URIs (for web applications only)
After registration is complete, the developer is issued client credentials:
- Client ID
Specified as
client_idwhen interacting with the resource server- Client Secret
Specified as
client_secretwhen exchanging an authorization code for an access token and refreshing access tokens using the server-side Web Application Flow (see Figure 7-1).
Why Is Registration Necessary?
Registration enables the application developer to obtain client credentials, which are used to authenticate requests made ...