sarahwalters

1. When you set up MyApp, you register it with Google. Google gives MyApp an APP_ID and an APP_SECRET, which you store in a credentials file (not in version control!)

2. Alice wants to use MyApp & clicks your "Log in using Google" button.

3. MyApp responds REDIRECT google.com/oauth2/auth?client_id=APP_ID&redirect_uri=myapp.com/oauth_response
- MyApp was given an APP_ID when you registered it with Google
- You specified the redirect uri myapp.com/oauth_response & you wrote a route at /oauth_response to be called once the OAuth process is complete
- Sometimes this REDIRECT link also includes "scopes" -- limits to the information MyApp wants to access from Google

4. When Google receives that REDIRECT, it looks MyApp up by its APP_ID and makes a session linking MyApp to your redirect_uri myapp.com/oauth_response.

sarahwalters

### Keybase proof

I hereby claim:

  * I am sarahwalters on github.
  * I am swalters (https://keybase.io/swalters) on keybase.
  * I have a public key whose fingerprint is 48D6 6AEF E5B7 56F5 FD70  0F6B C0A2 1E70 3144 90BB

To claim this, I am signing this object:

sarahwalters

git fetch upstream
git checkout master
git merge upstream/master
git push origin master