# COSC312 Lab 04—OAuth2 and decentralised authorisation The objective for this lab is: - for you to familiarise yourself with the software steps involved in implementing an application extension that uses OAuth2 for authorisation. - to ensure you can map the software steps to the material presented in the lecture notes. :::info :eyes: Please let me know if there are any issues working through the Dropbox example application on Apple Mac computers with Arm CPUs. I don't have such a machine, so can't test the Arm compatibility directly. ::: ## Suggested exercises exploring OAuth2 :::success :pencil: **Task One** (recommended) Confirm that you can produce equivalent results to those presented in the lecture notes in terms of developing your own Dropbox helper application. Experiment with different access scopes that can be selected within the Dropbox configuration for your helper application. ::: :::success :pencil: **Task Two** (optional) For more information about what talks to what, when, you can use the `tcpflow-web.sh` script to listen to connections between your web browser and your Dropbox helper application. ::: :::success :pencil: **Task Three** (recommended) For the different steps of interaction between the software components that you have build with your Dropbox helper application, ensure that you can map each such step to the OAuth2 interaction figure that is within the lecture notes. ::: :::success :pencil: **Task Four** (optional) See if you can find another example of an OAuth2 extension framework that you can use in a similar manner to building a Dropbox application. What parts of the alternative helper application match that of Dropbox helper applications, and what parts are different? :::