Despite having implemented my share of OpenID and OAuth consumers, I must confess that I find the whole morass of federated authentication and authorization protocols rather opaque and difficult to understand. This book does a pretty good job of clearing things up, and I think the examples are fairly concrete and well-done. Chapter 2 was definitely the most useful, and it walked through a typical authentication workflow really well. The remaining chapters felt a little perfunctory and rushed, and I thought the description of server-to-server authorization was a little lacking as a result. Chapter 1 was all right, but unfortunately a little disorganized and confusing; in particular I wish it had provided a better overview of the various types of tokens. All that said - for chapter 2 alone, I thought this book was well worth the read, and I definitely found it quite helpful in understanding OAuth.