Implementing OAuth authentication

As we did for Basic Auth, we are going to build a server-side implementation of the OAuth2 protocol. As the Backbone App and Server App are both built by us, the best grant type to choose is Resource Owner Password Credentials Grant.

A difference from Basic Auth is that OAuth2 needs to add an endpoint that is used to issue access and refresh tokens. As described in RFC-6749, the requests made to this endpoint should include the following:

The client makes a request to the token endpoint by adding the following parameters using the "application/x-www-form-urlencoded" format:

grant_type: REQUIRED. Value MUST be set to "password".

username: REQUIRED. The resource owner username.

password: REQUIRED. The resource owner password. ...
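As an added illustration (not code from the book), the following Node.js sketch validates a token request for the password grant and answers with the error codes and success fields RFC 6749 defines. The names `handleTokenRequest`, `verifyUser` and `demoUsers`, the demo credentials and the one-hour lifetime are assumptions made for the example.

```javascript
const { randomBytes } = require("crypto");

// Constructed demo store; a real server compares against a salted password hash.
const demoUsers = new Map([["alice", "correct horse"]]);
const verifyUser = (username, password) => demoUsers.get(username) === password;

// Error response shape from RFC 6749 section 5.2.
const oauthError = (error, description) => ({
  status: 400,
  body: { error, error_description: description },
});

// Hypothetical handler: receives the Content-Type header and the raw request body.
function handleTokenRequest(contentType, rawBody, verify = verifyUser) {
  const mediaType = String(contentType || "").split(";")[0].trim().toLowerCase();
  if (mediaType !== "application/x-www-form-urlencoded") {
    return oauthError("invalid_request", "body must be form-urlencoded");
  }
  const params = new URLSearchParams(rawBody);
  const fields = {};
  for (const name of ["grant_type", "username", "password"]) {
    const values = params.getAll(name);
    // REQUIRED parameters: present exactly once, and an empty value counts as omitted.
    if (values.length !== 1 || values[0] === "") {
      return oauthError("invalid_request", `${name} missing or repeated`);
    }
    fields[name] = values[0];
  }
  if (fields.grant_type !== "password") {
    return oauthError("unsupported_grant_type", "only the password grant is supported");
  }
  if (!verify(fields.username, fields.password)) {
    // Same answer for an unknown user and a wrong password, so usernames are not revealed.
    return oauthError("invalid_grant", "invalid resource owner credentials");
  }
  return {
    status: 200,
    body: {
      access_token: randomBytes(32).toString("hex"), // unguessable 256-bit token
      token_type: "bearer",
      expires_in: 3600,
      refresh_token: randomBytes(32).toString("hex"),
    },
  };
}
```

Because the body carries the user's password in clear form, the endpoint should only be reachable over TLS, and a real handler would also persist the issued tokens and rate-limit failed attempts.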
