Authorization Code Grant flow implementation

[toryalsip]

There are some concepts in oauth that are new to me, so I was getting myself familiar with what this is and why it would be preferable to just having the app ask for login credentials. The problem as I see it in the API implementation is that we have a public method, GetOAuthToken, but we tell developers not to use it without going into a lot of detail about how it should work with Authorization Code Grant flow. That's something that should probably be addressed sooner as opposed to later.

After doing some investigation, I'm wondering just how much this differs between platforms. For example, in Windows Apps I can use a WebAuthenticationBroker class to handling the response_type=code portion of the flow. I haven't had a chance to see how Xamarin does this, maybe it has something similar. But I have a feeling this will be quite platform specific, which may not fit nicely into a PCL at all. 😨