Table of Contents

  1. Chapter 1 Introduction

    1. How OAuth Was Born

    2. Why Developers Should Care About OAuth

    3. Why Don’t These APIs Just Use Passwords for Authorization?

    4. Terminology

    5. The Great Debate over Signatures

    6. Developer and Application Registration

    7. Client Profiles, Access Tokens, and Authorization Flows

  2. Chapter 2 Server-Side Web Application Flow

    1. When Should the Authorization Code Flow Be Used?

    2. Security Properties

    3. User Experience

    4. Step-by-Step

    5. How Can Access Be Revoked?

  3. Chapter 3 Client-Side Web Applications Flow

    1. When Should the Implicit Grant Flow Be Used?

    2. Limitations of the Implicit Grant Flow

    3. Security Properties

    4. User Experience

    5. Step-by-Step

    6. How Can Access Be Revoked?

  4. Chapter 4 Resource Owner Password Flow

    1. When Should the Resource Owner Password Flow Be Used?

    2. Security Properties

    3. User Experience

    4. Step-by-Step

  5. Chapter 5 Client Credentials Flow

    1. When Should the Client Credentials Flow Be Used?

    2. What APIs Support the Client Credentials Flow?

    3. How Does the Client Authenticate?

    4. Security Properties

    5. Step-by-Step

    6. When the Access Token Expires

  6. Chapter 6 Getting Access to User Data from Mobile Apps

    1. Why You Should Use OAuth for Native Mobile Apps

    2. What Flow Should Be Used for Native Mobile Apps?

    3. The (Ugly) Web Browser

    4. Enhanced Mobile App Authorization for Specific Providers

  7. Chapter 7 OpenID Connect Authentication

    1. ID Token

    2. Security Properties

    3. Obtaining User Authorization

    4. Check ID Endpoint

    5. UserInfo Endpoint

    6. Performance Improvements

    7. Practical OpenID Connect

    8. OpenID Connect Evolution

  8. Chapter 8 Tools and Libraries

    1. Google’s OAuth 2.0 Playground

    2. Google’s TokenInfo Endpoint

    3. Apigee’s Console

    4. Facebook’s Access Token Tool and Access Token Debugger

    5. Libraries

    6. Going Further

  1. Appendix References

    1. Specifications

    2. Vendor Documentation

    3. Mailing Lists

    4. Misc