This repo shows how an OAuth2 client (index.html) could use implicit flow to redirect to an OAuth2 Provider (authorize.html).
The particular OAuth2 Provider implemented here uses Metamask (and MetaMascara) to authenticate a user. Authentication happens by the user signing a JWT. This JWT is returned to the OAuth2 client as a bearer token. The client page can verify the signature (using web3/Metamask) or send it to a backend for server-side verification in REST APIs.
Because the JWT is signed using the personal_sign RPC call, which doesn't allow signing of arbitrary hashes, verification should be done using personal_ecRecover.
The files in the repo are hosted on GitHub Pages at https://blog.enuma.io/metamask-oauth2/ . Note that because GitHub Pages does not support HTTPS for custom domains there will be an SSL warning when accessing the demo.