Working with OAuth2 can be a real pain, whether on the client or the server side. The standard, introduced in 2012, is still a so-called proposed standard, and every implementer interprets it differently. Developers often see the OAuth2 flow as some kind of magic, and many of them struggle to get into the topic. In this session we will take a look at the protocol flow and the different grant types. In addition to a theoretical overview, we will implement an OAuth2 flow in a future-proof and safe way.