I've been reading up on OAuth 2.0, and given my current addiction to Draw Something, it comes at no surprise I've created the comic strip below. At last, learning is fun again.


  • Third Party Client - played by the Valet
  • Service Provider - played by the Stables
  • Information - played by the Horse

Additional Notes:

  • All the transactions above must take place over SSL
  • The Third Party Client must register a Client ID with the Service Provider in order to use OAuth.
  • The Third Party Client must provide a Client Secret along with the Authorization Code in order to retrieve the Access Token.

1 comment

  • Stephen - April 24, 2012

    Just don’t forget to refresh the permission token to ride your horse every hour or so, or you’ll get bucked right off.