Wow. After much faffing I’ve now had great success with stepping through the Resource Owner Authentication and Authorisation flow.
Where did I struggle?
1. Watch the videos. Success.
2. Get the source code for Identity Server, Authentication Server and the Sample Flow Clients.
3. Sorting out a Self Certified SSL Certificate.
4. Setting up Trust for the certificate.
5. Sorting out signing keys and other configuration issues.
6. Running a flow locally.
Resource Owner Flow
For logging in with a username and password. The Resource Owner Password Flow is really pretty simple, as it allows the client to exchange a user’s username and password for an access token.
For apps running on a web server. This flow includes sending the client user via redirect to the provider’s login and authorization page, then will redirect back to your web application and pass a authorization code in the URL parameters.
Client credentials for application access. Some API endpoints does not require an account access token since they have to be executed without an authenticated user
Still got a long way to go with wrapping my head around all the ins and outs of OAUTH2. Fascinating stuff!