Introduction The oAuth2 protocol has almost become a standard for securing websites and API services. Developers no longer need to store and manage userIDs and passwords for their users. Offloading the authentication to oAuth providers such as Google, Facebook, Linkedin, Github keeps the authentication with username and password, within those providers rather than passing through the developer’s application.