Title3

oauth-2

# OAuth 2: A Conversation

## Dramatis Personae
 - Colin: OAuth Client
 - Polly: OAuth User (a person)
 - Roger: OAuth Resource Server
 - Annie: OAuth Authorization Server

## Scene 1: Authorization Code Grant

C (to A): Hi, I'm Colin. Here's my Client ID. (whispers) Here's my Client Secret. Can you ask Polly to confirm that I'm allowed access to her stuff and then contact me at this address? Also, can you give her this `state` token to give to me later?

A (to P): Hi Polly. Colin wants access to your stuff. Is that cool?

P (to A): Sure. Here's my username and password. I'm cool with that

A (to P): Great. Colin wants you to go to this address. Give him this `code` and this `state` token so that he knows what to do next.

P (to C): Hey Colin! Annie asked me to give you this `code` and `state` token

C (to A): Hey Annie! It's me again. Here's by Client ID (whispers) Here's my Client Secret. Also, here's the `code` that you asked Polly to give you. If that's all cool, can you ask Polly to go to this address, please?

A (to P): Hello again, Polly. Colin wants you to go to this address. Can you give him this (hands her an `access_token`)? He's going to need that to access your stuff. In case he's wondering, it's a a token of this type ( hands her a `token_type`).

P (to C): I'm back! You'll need this (gives him `access_token`). Let's go to that address you gave Annie.

C (to P): Sweet! I'm gonna get some of your stuff now.

C (to R): Hey Roger! Can I have some of Polly's stuff. (whispers) I have this `access_token`, so it's totally legit.