OAuth 2.0
front channel is about UI and the back channel is about converting the outcome of the frontchannel to tokens
reference token vs self-encoded access token ->