Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Mastering OAuth 2.0
  • Table Of Contents Toc
  • Feedback & Rating feedback
Mastering OAuth 2.0

Mastering OAuth 2.0

3.5 (6)
Buy this Book
close
close
Mastering OAuth 2.0

Mastering OAuth 2.0

3.5 (6)
Buy this Book

Overview of this book

OAuth 2.0 is a powerful authentication and authorization framework that has been adopted as a standard in the technical community. Proper use of this protocol will enable your application to interact with the world's most popular service providers, allowing you to leverage their world-class technologies in your own application. Want to log your user in to your application with their Facebook account? Want to display an interactive Google Map in your application? How about posting an update to your user's LinkedIn feed? This is all achievable through the power of OAuth. With a focus on practicality and security, this book takes a detailed and hands-on approach to explaining the protocol, highlighting important pieces of information along the way. At the beginning, you will learn what OAuth is, how it works at a high level, and the steps involved in creating an application. After obtaining an overview of OAuth, you will move on to the second part of the book where you will learn the need for and importance of registering your application and types of supported workflows. You will discover more about the access token, how you can use it with your application, and how to refresh it after expiration. By the end of the book, you will know how to make your application architecture robust. You will explore the security considerations and effective methods to debug your applications using appropriate tools. You will also have a look at special considerations to integrate with OAuth service providers via native mobile applications. In addition, you will also come across support resources for OAuth and credentials grant.
Table of Contents (17 chapters)
close
close
close
Preface
chevron up
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Free Chapter
1
1. Why Should I Care About OAuth 2.0?
Icon
1. Why Should I Care About OAuth 2.0?
Icon
Authentication versus authorization
Icon
What problems does it solve?
Icon
How does OAuth 2.0 actually solve the problem?
Icon
Who uses OAuth 2.0?
Icon
Introducing "The World's Most Interesting Infographic Generator"
Icon
Summary
2
2. A Bird's Eye View of OAuth 2.0
Icon
2. A Bird's Eye View of OAuth 2.0
Icon
How does it work?
Icon
First look at the client-side flow
Icon
First look at the server-side flow
Icon
What are the differences?
Icon
What about mobile?
Icon
Summary
3
3. Four Easy Steps
Icon
3. Four Easy Steps
Icon
Let's get started
Icon
Step 1 – Register your client application
Icon
Step 2 – Get your access token
Icon
Step 3 – Use your access token
Icon
Step 4 – Refresh your access token
Icon
Putting it all together
Icon
Summary
4
4. Register Your Application
Icon
4. Register Your Application
Icon
Recap of registration process
Icon
Registering your application with Facebook
Icon
Putting it all together!
Icon
Summary
5
5. Get an Access Token with the Client-Side Flow
Icon
5. Get an Access Token with the Client-Side Flow
Icon
Refresher on the implicit grant flow
Icon
A closer look at the implicit grant flow
Icon
Let's build it!
Icon
Summary
Icon
Reference pages
6
6. Get an Access Token with the Server-Side Flow
Icon
6. Get an Access Token with the Server-Side Flow
Icon
Refresher on the authorization code grant flow
Icon
A closer look at the authorization code grant flow
Icon
Let's build it!
Icon
Summary
Icon
Reference pages
7
7. Use Your Access Token
Icon
7. Use Your Access Token
Icon
Refresher on access tokens
Icon
Use your access token to make an API call
Icon
Let's build it!
Icon
Creating the world's most interesting infographic
Icon
Summary
Icon
Reference pages
8
8. Refresh Your Access Token
Icon
8. Refresh Your Access Token
Icon
A closer look at the refresh token flow
Icon
What if I have no refresh token? Or my refresh token has expired?
Icon
The ideal workflow
Icon
Summary
Icon
Reference pages
9
9. Security Considerations
Icon
9. Security Considerations
Icon
What's at stake?
Icon
Security best practices
Icon
Common attacks
Icon
Summary
10
10. What About Mobile?
Icon
10. What About Mobile?
Icon
What is a mobile application?
Icon
What flow should we use for mobile applications?
Icon
Hybrid architectures
Icon
Authorization via application instead of user-agent
Icon
Summary
11
11. Tooling and Troubleshooting
Icon
11. Tooling and Troubleshooting
Icon
Tools
Icon
Troubleshooting
Icon
Summary
12
12. Extensions to OAuth 2.0
Icon
12. Extensions to OAuth 2.0
Icon
Extensions to the OAuth 2.0 framework
Icon
OpenID Connect
Icon
Summary
13
A. Resource Owner Password Credentials Grant
Icon
A. Resource Owner Password Credentials Grant
Icon
When should you use it?
Icon
Reference pages
14
B. Client Credentials Grant
Icon
B. Client Credentials Grant
Icon
When should you use it?
Icon
Reference pages
Icon
Overview of the client credentials grant
15
C. Reference Specifications
Icon
C. Reference Specifications
Icon
The OAuth 2 Authorization Framework
Icon
The OAuth 2 Authorization Framework: Bearer Token Usage
Icon
OAuth 2.0 Token Revocation
Icon
OAuth 2.0 Thread Model and Security Considerations
Icon
Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
Icon
Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants
Icon
JSON Web Token (JWT)
Icon
JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants
Icon
OpenID Connect Core 1.0
Icon
HTTP Authentication: Basic and Digest Access Authentication
16
Index
Icon
Index

What this book covers

Chapter 1, Why Should I Care About OAuth 2.0?, introduces the OAuth 2.0 protocol, and discusses its purpose, prevalence, and importance.

Chapter 2, A Bird's Eye View of OAuth 2.0, takes a high-level look at the OAuth 2.0 protocol and the different workflows it describes.

Chapter 3, Four Easy Steps, enumerates the simple steps necessary to integrate with a service provider using the OAuth 2.0 protocol.

Chapter 4, Register Your Application, details the first of these four steps which covers registering your application with the service provider.

Chapter 5, Get an Access Token with the Client-Side Flow, discusses the complicated topic of gaining access to a protected resource from what we call an untrusted client.

Chapter 6, Get an Access Token with the Server-Side Flow, discusses the complicated topic of gaining access to a protected resource from what we call a trusted client.

Chapter 7, Use Your Access Token, outlines the process for exercising access to a resource once it has been granted to you.

Chapter 8, Refresh Your Access Token, talks about the process of refreshing your access once it expires.

Chapter 9, Security Considerations, discusses the many important security considerations to be made in your application. This is an important topic for any application, but is especially important given the power that this protocol allows.

Chapter 10, What About Mobile?, is a chapter dedicated to the topic of mobile devices, including phones and tablets, and all of the considerations that come with it.

Chapter 11, Tooling and Troubleshooting, talks about how to troubleshoot issues with your integration as well as how to appropriately handle errors so as to minimize user interaction.

Chapter 12, Extensions to OAuth 2.0, looks at the various ways OAuth 2.0 can be extended to satisfy a multitude of use cases.

Appendix A, Resource Owner Password Credentials Grant, takes a look at one of the supplemental supported flows in the book.

Appendix B, Client Credentials Grant, takes a look at another of the supplemental supported flows in the book.

Appendix C, Reference Specifications, enumerates the various open specifications that are referenced throughout the book.

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
Next Section

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY