https://www.pingidentity.com/developer/en/resources/jwt-and-jose.html
https://dzone.com/articles/announcing-the-unicorn-project-availability-of-fir
https://oauth.net/articles/authentication/
https://auth0.com/docs/api-auth/which-oauth-flow-to-use
https://aaronparecki.com/oauth-2-simplified/
https://docs.oracle.com/cd/E39820_01/doc.11121/gateway_docs/content/oauth_flows.html
https://developers.google.com/youtube/v3/guides/authentication
https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2
https://www.miniorange.com/single-sign-on-(sso)-using-oauth
https://www.mutuallyhuman.com/blog/choosing-an-sso-strategy-saml-vs-oauth2/
https://auth0.com/learn/how-to-implement-single-sign-on/
https://blog.heroku.com/oauth-sso
https://www.oauth.com/oauth2-servers/openid-connect/building-an-authentication-framework/
https://auth0.com/docs/multifactor-authentication/api/otp
https://itnext.io/an-oauth-2-0-introduction-for-beginners-6e386b19f7a9
multiple scopes https://medium.com/@robert.broeckelmann/oauth2-access-token-usage-strategies-for-multiple-resources-apis-part-2-304bab2570a9