
OAuth2 Flows in Practice

OAuth2 is not simply an authentication mechanism; it is an authorization framework that lets an application obtain limited, delegated access to a user's account.

The Two Most Common Flows

  1. Client Credentials: used for server-to-server (machine-to-machine, M2M) communication. Your application exchanges its own client_id and client_secret directly for an access token; no end user is involved.
  2. Authorization Code: the most secure flow for web and mobile applications. The user signs in on the provider's page and is redirected back to your application with an authorization code.

Why use Heapi for OAuth2?

Unlike regular browsers, Heapi allows you to see exactly what happens during the redirect, inspect URL parameters, and store the resulting token in environment variables automatically for future requests.
