Our apps are becoming more complicated and more distributed. We’re extracting APIs and handling callbacks and pings from the services we depend on. We’re using our data and services from different clients, like rich JavaScript applications and mobile apps. And as we fling our logic into more places, it’s harder to see what’s actually going on between them. If you’re working in applications that have become a forest of APIs and services, or you’ve ever said, “I really wish I could just see what kind of data this server thinks I’m handing it, and what I’m getting back,” this talk is for you. With a few tools and some simple techniques, you’ll watch the data go from your apps to your APIs and see your responses, callbacks, and pings come back.
25.
1. That can't happen.
2. That doesn't happen on my machine.
3. That shouldn't happen.
4. Why does that happen?
5. Oh, I see.
6. How did that ever work? [1]

[1] http://web.archive.org/web/20051027173148/http://www.68k.org/~jrc/old-blog/archives/000198.html
@justinweiss
79. What do we need?
The client must be capable of interacting with the resource owner's user-agent (typically a web browser) and capable of receiving incoming requests (via redirection) from the authorization server.
— OAuth2 RFC [8]

[8] https://tools.ietf.org/html/rfc6749#section-4.1