Imperial Library

Index
  • Getting Started with OAuth 2.0
  • SPECIAL OFFER: Upgrade this ebook with O’Reilly
  • A Note Regarding Supplemental Files
  • Preface
      • Conventions Used in This Book
      • Using Code Examples
      • Safari® Books Online
      • How to Contact Us
      • Acknowledgments
  • 1. Introduction
      • How OAuth Was Born
      • Why Developers Should Care About OAuth
      • Why Don’t These APIs Just Use Passwords for Authorization?
      • Terminology
          • Authentication
          • Federated Authentication
          • Authorization
          • Delegated Authorization
          • Roles
      • The Great Debate over Signatures
          • Mitigating Concerns with Bearer Tokens
          • Signing Your OAuth 2.0 Requests
              • Getting the key
              • Making API requests
      • Developer and Application Registration
          • Why Is Registration Necessary?
      • Client Profiles, Access Tokens, and Authorization Flows
          • Client Profiles
          • Access Tokens
          • Authorization Flows
  • 2. Server-Side Web Application Flow
      • When Should the Authorization Code Flow Be Used?
      • Security Properties
      • User Experience
      • Step-by-Step
          • Step 1: Let the user know what you’re doing and request authorization
              • Error handling
          • Step 2: Exchange authorization code for an access token
              • Why both access tokens and refresh tokens?
          • Step 3: Call the API
              • Error handling
          • Step 4a: Refresh the access token
          • Step 4b: Obtaining a new access token
      • How Can Access Be Revoked?
  • 3. Client-Side Web Applications Flow
      • When Should the Implicit Grant Flow Be Used?
      • Limitations of the Implicit Grant Flow
      • Security Properties
      • User Experience
      • Step-by-Step
          • Step 1: Let the user know what you’re doing and request authorization
              • Error handling
          • Step 2: Parsing the access token from the URL
          • Step 3: Call the API
          • Step 4: Refreshing the access token
      • How Can Access Be Revoked?
  • 4. Resource Owner Password Flow
      • When Should the Resource Owner Password Flow Be Used?
      • Security Properties
      • User Experience
      • Step-by-Step
          • Step 1: Ask the user for their credentials
          • Step 2: Exchange the credentials for an access token
          • Step 3: Call the API
          • Step 4: Refresh the access token
  • 5. Client Credentials Flow
      • When Should the Client Credentials Flow Be Used?
      • What APIs Support the Client Credentials Flow?
      • How Does the Client Authenticate?
      • Security Properties
      • Step-by-Step
          • Step 1: Exchange the application’s credentials for an access token
          • Step 2: Call the API
      • When the Access Token Expires
  • 6. Getting Access to User Data from Mobile Apps
      • Why You Should Use OAuth for Native Mobile Apps
      • What Flow Should Be Used for Native Mobile Apps?
          • Do You Have a Mobile Backend Web Server for Your Application?
      • The (Ugly) Web Browser
          • Embedded WebView
          • System Web Browser
      • Enhanced Mobile App Authorization for Specific Providers
          • For Google
          • For Facebook
  • 7. OpenID Connect Authentication
      • ID Token
      • Security Properties
      • Obtaining User Authorization
      • Check ID Endpoint
      • UserInfo Endpoint
      • Performance Improvements
      • Practical OpenID Connect
          • For Google
          • For Facebook
      • OpenID Connect Evolution
  • 8. Tools and Libraries
      • Google’s OAuth 2.0 Playground
      • Google’s TokenInfo Endpoint
      • Apigee’s Console
      • Facebook’s Access Token Tool and Access Token Debugger
      • Libraries
      • Going Further
  • A. References
      • Specifications
      • Vendor Documentation
      • Mailing Lists
      • Misc
  • About the Author
  • SPECIAL OFFER: Upgrade this ebook with O’Reilly

Chief Librarian: Las Zenow <zenow@riseup.net>

This is a mirror of the Tor onion service:
http://kx5thpx2olielkihfyo4jgjqfb7zx7wxr3sd4xzt26ochei4m6f7tayd.onion