EBOOK
About
OAuth 2 in Action teaches you the practical use and deployment of this HTTP-based protocol from the perspectives of a client, authorization server, and resource server. You'll learn how to confidently and securely build and deploy OAuth on both the client and server sides. Foreword by Ian Glazer.
About the Technology
Think of OAuth 2 as the web version of a valet key. It is an HTTP-based security protocol, that allows users of a service to enable applications to use that service on their behalf without handing over full control. And, OAuth is used everywhere, from Facebook and Google, to startups and cloud services.
OAuth 2 in Action teaches you practical use and deployment of OAuth 2 from the perspectives of a client, an authorization server, and a resource server. You'll begin with an overview of OAuth and its components and interactions. Next, you'll get hands-on and build an OAuth client, an authorization server, and a protected resource. Then you'll dig into tokens, dynamic client registration, and more advanced topics. By the end, you'll be able to confidently and securely build and deploy OAuth on both the client and server sides.
What's Inside
• Covers OAuth 2 protocol and design
• Authorization with OAuth 2
• OpenID Connect and User-Managed Access
• Implementation risks
• JOSE, introspection, revocation, and registration
• Protecting and accessing REST APIs
Table of Contents
Part 1 -First steps
• What is OAuth 2.0 and why should you care?
• The OAuth dance Part 2 -Building an OAuth 2 environment
• Building a simple OAuth client
• Building a simple OAuth protected resource
• Building a simple OAuth authorization server
• OAuth 2.0 in the real world Part 3 -OAuth 2 implementation and vulnerabilities
• Common client vulnerabilities
• Common protected resources vulnerabilities
• Common authorization server vulnerabilities
• Common OAuth token vulnerabilities Part 4 -Taking OAuth further
• OAuth tokens
• Dynamic client registration
• User authentication with OAuth 2.0
• Protocols and profiles using OAuth 2.0
• Beyond bearer tokens
• Summary and conclusions
About the Technology
Think of OAuth 2 as the web version of a valet key. It is an HTTP-based security protocol, that allows users of a service to enable applications to use that service on their behalf without handing over full control. And, OAuth is used everywhere, from Facebook and Google, to startups and cloud services.
OAuth 2 in Action teaches you practical use and deployment of OAuth 2 from the perspectives of a client, an authorization server, and a resource server. You'll begin with an overview of OAuth and its components and interactions. Next, you'll get hands-on and build an OAuth client, an authorization server, and a protected resource. Then you'll dig into tokens, dynamic client registration, and more advanced topics. By the end, you'll be able to confidently and securely build and deploy OAuth on both the client and server sides.
What's Inside
• Covers OAuth 2 protocol and design
• Authorization with OAuth 2
• OpenID Connect and User-Managed Access
• Implementation risks
• JOSE, introspection, revocation, and registration
• Protecting and accessing REST APIs
Table of Contents
Part 1 -First steps
• What is OAuth 2.0 and why should you care?
• The OAuth dance Part 2 -Building an OAuth 2 environment
• Building a simple OAuth client
• Building a simple OAuth protected resource
• Building a simple OAuth authorization server
• OAuth 2.0 in the real world Part 3 -OAuth 2 implementation and vulnerabilities
• Common client vulnerabilities
• Common protected resources vulnerabilities
• Common authorization server vulnerabilities
• Common OAuth token vulnerabilities Part 4 -Taking OAuth further
• OAuth tokens
• Dynamic client registration
• User authentication with OAuth 2.0
• Protocols and profiles using OAuth 2.0
• Beyond bearer tokens
• Summary and conclusions