# COSC312 Lab week 7—OAuth2 and decentralised authorisation The objective for this lab is: - for you to familiarise yourself with the software steps involved in implementing an application extension that uses OAuth2 for authorisation. - to ensure you can map the software steps to the material presented in the lecture notes. This lab again reuses the virtual machine we've previously employed for experimenting with security-relevant software. To get your VM up and running again, you may want to look back at the first set of lecture notes and labs that involved use of the VM. ## Suggested exercises exploring OAuth2 :::success ✏️ **Task One** (recommended) Confirm that you can produce equivalent results to those presented in the lecture notes in terms of developing your own Dropbox helper application. Experiment with different access scopes that can be selected within the Dropbox configuration for your helper application. ::: :::success ✏️ **Task Two** (optional) For more information about what talks to what, when, you can use the `tcpflow-web.sh` script to listen to connections between your web browser and your Dropbox helper application. ::: :::success ✏️ **Task Three** (recommended) For the different steps of interaction between the software components that you have build with your Dropbox helper application, ensure that you can map each such step to the OAuth2 interaction figure that is within the lecture notes. ::: :::success ✏️ **Task Four** (optional) See if you can find another example of an OAuth2 extension framework that you can use in a similar manner to building a Dropbox application. What parts of the alternative helper application match that of Dropbox helper applications, and what parts are different? :::