Summary

OAuth 2 in Action teaches you the practical use and deployment of this HTTP-based protocol from the perspectives of a client, authorization server, and resource server. You'll learn how to confidently and securely build and deploy OAuth on both the client and server sides. Foreword by Ian Glazer.

Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.

About the Technology

Think of OAuth 2 as the web version of a valet key. It is an HTTP-based security protocol that allows users of a service to enable applications to use that service on their behalf without handing over full control. And OAuth is used everywhere, from Facebook and Google, to startups and cloud services.

About the Book

OAuth 2 in Action teaches you practical use and deployment of OAuth 2 from the perspectives of a client, an authorization server, and a resource server. You'll begin with an overview of OAuth and its components and interactions. Next, you'll get hands-on and build an OAuth client, an authorization server, and a protected resource. Then you'll dig into tokens, dynamic client registration, and more advanced topics. By the end, you'll be able to confidently and securely build and deploy OAuth on both the client and server sides.

What's Inside

• Covers OAuth 2 protocol and design
• Authorization with OAuth 2
• OpenID Connect and User-Managed Access
• Implementation risks
• JOSE, introspection, revocation, and registration

• Protecting and accessing REST APIs
  About the Reader

  Readers need basic programming skills and knowledge of HTTP and JSON.

  About the Author

  Justin Richer is a systems architect and software engineer. Antonio Sanso is a security software engineer and a security researcher. Both authors contribute to open standards and open source.

  Table of Contents

1. What is OAuth 2.0 and why should you care?
2. The OAuth dance Part 2 - Building an OAuth 2 environment
3. Building a simple OAuth client
4. Building a simple OAuth protected resource
5. Building a simple OAuth authorization server
6. OAuth 2.0 in the real world Part 3 - OAuth 2 implementation and vulnerabilities
7. Common client vulnerabilities
8. Common protected resources vulnerabilities
9. Common authorization server vulnerabilities
10. Common OAuth token vulnerabilities Part 4 - Taking OAuth further
11. OAuth tokens
12. Dynamic client registration
13. User authentication with OAuth 2.0
14. Protocols and profiles using OAuth 2.0
15. Beyond bearer tokens

16. Summary and conclusions

    Autorentext

    Justin Richer is a systems architect, software engineer, standards editor, and service designer working as an independent consultant.

    Antonio Sanso works as Security Software Engineer, he is a vulnerability security researcher and an active open source contributor.

    Klappentext

    KEY FEATURES

• Hands-on examples

• Connect with major online services like Google, Facebook,

Twitter

• Takes the reader from beginner to advanced OAuth 2 topics.

AUDIENCE

Readers need basic programming skills and knowledge of HTTP and

JSON.

Zusammenfassung
**** DESCRIPTION

OAuth 2 is like the web version of a valet key. Instead of unsafe

password-sharing, OAuth offers a much more secure delegation

protocol. OAuth is used everywhere, from large providers like

Facebook and Google, to small APIs at startups, and even cloud

services, it’s the worldwide standard. OAuth 2 is the must-know

security protocol on the web today. **

OAuth 2 in Action teaches practical use and deployment of this

protocol from the perspective of a client, authorization server, and

resource server. It begins with an overview of OAuth and a look at its

components and interactions. Using hands-on examples, it shows how

to build a first OAuth client, followed by an authorization server, and

then a protected resource. The second part of the book dives into

crucial implementation vulnerability, and more advanced topics. By

the end of this book, anyone will be able to build and deploy

applications that use OAuth on both the client and server sides.

  **** KEY FEATURES

• Hands-on examples

• Connect with major online services like Google, Facebook,

Twitter

• Takes the reader from beginner to advanced OAuth 2 topics.

****  

AUDIENCE

Readers need basic programming skills and knowledge of HTTP and

JSON.

  **** ABOUT THE TECHNOLOGY

This HTTP-based security protocol allows the users of a service to enable

applications to use that service on their behalf without handing over full

control. Web and mobile apps can securely access information from other

servers for users, enabling apps to give these users functionality and

services from other sites.