Cover image for OAuth 2 in Action

OAuth 2 in Action

Author Justin Richer Antonio Sanso
Release Date: 2017/03/01
ISBN: 9781617293276
Topic:
0%
37
Chapters
0-1
Hours read
0k
Total Words
    Start Reading Now    
       Add to Wishlist       
View table of contents

Book Description

Summary

OAuth 2 in Action teaches you the practical use and deployment of this HTTP-based protocol from the perspectives of a client, authorization server, and resource server. You’ll learn how to confidently and securely build and deploy OAuth on both the client and server sides.

About the Technology

Think of OAuth 2 as the web version of a valet key. It is an HTTP-based security protocol that allows users of a service to enable applications to use that service on their behalf without handing over full control. And OAuth is used everywhere, from Facebook and Google, to startups and cloud services.

About the Book

OAuth 2 in Action teaches you practical use and deployment of OAuth 2 from the perspectives of a client, an authorization server, and a resource server. You’ll begin with an overview of OAuth and its components and interactions. Next, you’ll get hands-on and build an OAuth client, an authorization server, and a protected resource. Then you’ll dig into tokens, dynamic client registration, and more advanced topics. By the end, you’ll be able to confidently and securely build and deploy OAuth on both the client and server sides.

What’s Inside

  • Covers OAuth 2 protocol and design

  • Authorization with OAuth 2

  • OpenID Connect and User-Managed Access

  • Implementation risks

  • JOSE, introspection, revocation, and registration

  • Protecting and accessing REST APIs

    • About the Reader

    Readers need basic programming skills and knowledge of HTTP and JSON.

    About the Authors

    Justin Richer is a systems architect and software engineer. Antonio Sanso is a security software engineer and a security researcher. Both authors contribute to open standards and open source.

    Table of Contents

    1. Copyright
    2. Brief Table of Contents
    3. Table of Contents
    4. Foreword
    5. Preface
    6. Acknowledgments
    7. About this Book
    8. About the Authors
    9. About the Cover Illustration
    10. Part 1. First steps
      1. Chapter 1. What is OAuth 2.0 and why should you care?
      2. Chapter 2. The OAuth dance
    11. Part 2. Building an OAuth 2 environment
      1. Chapter 3. Building a simple OAuth client
      2. Chapter 4. Building a simple OAuth protected resource
      3. Chapter 5. Building a simple OAuth authorization server
      4. Chapter 6. OAuth 2.0 in the real world
    12. Part 3. OAuth 2 implementation and vulnerabilities
      1. Chapter 7. Common client vulnerabilities
      2. Chapter 8. Common protected resources vulnerabilities
      3. Chapter 9. Common authorization server vulnerabilities
      4. Chapter 10. Common OAuth token vulnerabilities
    13. Part 4. Taking OAuth further
      1. Chapter 11. OAuth tokens
      2. Chapter 12. Dynamic client registration
      3. Chapter 13. User authentication with OAuth 2.0
      4. Chapter 14. Protocols and profiles using OAuth 2.0
      5. Chapter 15. Beyond bearer tokens
      6. Chapter 16. Summary and conclusions
    14. Appendix A. An introduction to our code framework
    15. Appendix B. Extended code listings
    16. Index
    17. List of Figures
    18. List of Tables
    19. List of Listings