A closer look at the implicit grant flow

Our application wants to view the profile and feed data of the user who is using it. To do this, WMIIG must first get authorization from the user. The OAuth 2.0 specification outlines a very rigid, but straightforward, way in which this transaction must occur. In short, WMIIG must send the user to the service provider's authorization endpoint, passing along parameters that describe the request, including the redirection endpoint and the desired scopes. There, the user is presented with the option of accepting or denying the request. As mentioned in Chapter 2, A Bird's Eye View of OAuth 2.0, this is known as user consent and is represented by steps 1 to 3 in the previous workflow. ...
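The consent round trip described above, as an added example that is not code from the book: it builds the authorization request and then handles the redirect back for both the accept and the deny outcome. The endpoint URL, client ID, redirection endpoint and scope names are hypothetical placeholders; `response_type=token` and the `state` check follow RFC 6749, section 4.2.

```javascript
// Hypothetical values: the provider URL, client id and scope names are placeholders.
const config = {
  authorizationEndpoint: "https://provider.example/oauth/authorize",
  clientId: "wmiig-client-id",
  redirectUri: "https://wmiig.example/callback.html",
  scopes: ["profile", "feed"],
};

// Unguessable per-request value; store it (e.g. sessionStorage) before redirecting.
function newState() {
  const bytes = crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// The URL the user's browser is sent to in order to give or refuse consent.
function buildAuthorizationUrl(cfg, state) {
  const url = new URL(cfg.authorizationEndpoint);
  url.search = new URLSearchParams({
    response_type: "token", // selects the implicit grant
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    scope: cfg.scopes.join(" "),
    state,
  }).toString();
  return url.toString();
}

// Handle the redirect back. The result arrives in the URL fragment, which the
// browser does not send to the server hosting the redirection endpoint.
function parseImplicitRedirect(redirectedTo, cfg, expectedState) {
  const url = new URL(redirectedTo);
  if (url.origin + url.pathname !== cfg.redirectUri) {
    return { ok: false, reason: "unexpected_redirect_uri" };
  }
  const params = new URLSearchParams(url.hash.slice(1));
  // Reject responses that do not belong to a request this session started.
  if (!expectedState || params.get("state") !== expectedState) {
    return { ok: false, reason: "state_mismatch" };
  }
  // A user who denies the request comes back with error=access_denied.
  if (params.has("error")) return { ok: false, reason: params.get("error") };
  const accessToken = params.get("access_token");
  if (!accessToken) return { ok: false, reason: "missing_access_token" };
  return {
    ok: true,
    accessToken,
    expiresIn: Number(params.get("expires_in")) || null,
  };
}
```

In a browser, the first step is `location.assign(buildAuthorizationUrl(config, state))` after saving `state`, and the callback page passes `location.href` to `parseImplicitRedirect`.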
