Notes pointant ici
- how to deal with permissions in OAuth2?
- oauth - what’s the meaning of the “gty” claim in a jwt token?
- OAuth 2.0 for Client-side Web Applications | Authorization | Google Developers SPA
- RFC 7636: Proof Key for Code Exchange by OAuth Public Clients
- RFC 8705 - OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
- Which OAuth 2.0 Flow Should I Use?
- why do we need oauth in the first place
- you probably don’t need OAuth2 / OpenID Connect!