https://roadmap.sh/guides/http-basic-authentication
https://auth0.com/blog/refresh-tokens-what-are-they-and-when-to-use-them/#token-storage
- ID Token -> OpenID Connect
- Access Token -> API from app client / Bearer Token / JWT
- Refresh Token
https://www.oauth.com/playground/index.html
https://www.rfc-editor.org/rfc/rfc6749
https://www.oauth.com/oauth2-servers/client-registration/client-id-secret/
https://oauth.net/2/grant-types/
https://frontegg.com/blog/oauth-grant-types
https://athiththan11.medium.com/oauth-2-grant-types-a-story-guide-582580a3c4c2
https://aaronparecki.com/oauth-2-simplified/#web-server-apps
https://www.rfc-editor.org/rfc/rfc7636#section-4.1
https://blog.avenuecode.com/getting-started-with-oauth-2.0-authorization-code-with-pkce
https://youtu.be/nNVlewjKQEQ?list=PLHAED1NPcJs_inP1olZzq7-IqOCwQS4y1
https://developers.google.com/identity/protocols/oauth2/web-server