# OAuth 2.0 and the Google OAuth Client Library for Java [TOC] ###### tags: `oauth` `google` `java` --- ## Authorization Code Flow for Browser-based Client[🔗](https://developers.google.com/api-client-library/java/google-oauth-java-client/oauth2#browser-based_client_flow) > These are the typical steps of the the browser-based client flow specified in the Implicit Grant specification: > > - Using `BrowserClientRequestUrl`, redirect the end user's browser to the authorization page where the end user can grant your application access to their protected data. > - Use a JavaScript application to process the access token found in the URL fragment at the redirect URI that is registered with the authorization server. > > Sample usage for a web application: ```java public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException { String url = new BrowserClientRequestUrl( "https://server.example.com/authorize", "s6BhdRkqt3" ). setState("xyz"). setRedirectUri("https://client.example.com/cb"). build(); response.sendRedirect(url); } ``` ## Detecting an expired access token[🔗](https://developers.google.com/api-client-library/java/google-oauth-java-client/oauth2#detecting_an_expired_access_token) > According to the OAuth 2.0 bearer specification, when the server is called to access a protected resource with an expired access token, the server typically responds with an HTTP 401 Unauthorized status code such as the following: (未完 待續)