Getting to Know OAuth 2.0

January 11, 2014 — Leave a comment

A couple of months ago I was asked to explain OAuth and I really did a horrible job at it. To be honest, I had used it without really digging into the details. Following tutorials and using existing SDKs and NuGet packages, I got by pretty well, but I wasn’t able to describe how it all worked.

OAuth is an open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications.

Recently, a requirement came up about authentication and authorization for a semi-public API. Remembering how I failed to answer the question the first time, I decided to get my hands on a short book that would bring me up to speed.

I bought "Getting Started with OAuth 2.0" by Ryan Boyd. In my opinion, it’s really a good place to start learning about OAuth 2.0. The book is short and to the point. It gives you a pretty good overview of the possible OAuth flows, when to use them, and which major OAuth providers currently support them. The book is a little dated, so you might want to refer to each provider’s own documentation for current details.

The OAuth 2.0 Authorization Framework enables a third-party application to obtain limited access to an HTTP service.

OAuth Flows Covered in This Book

  • Server-Side Web Application Flow (the authorization code grant in RFC 6749)
  • Client-Side Web Application Flow (the implicit grant)
  • Resource Owner Password Flow (the resource owner password credentials grant)
  • Client Credentials Flow (the client credentials grant)
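To make the first of those flows concrete, here is an added example (my own, not code from the book or from any OAuth provider) that plays both sides of the Server-Side Web Application Flow in memory: the web application builds the authorization request, the authorization server mints a single-use code and redirects back, and the application swaps the code for an access token at the token endpoint. The endpoint URL, client ID, client secret, redirect URI and user name are all made up for the example, and the user's login and consent step is assumed to have already happened. The checks it exercises are the ones that actually matter in this flow: the state value must match the pending login, the redirect URI must exactly match the registered one, the client secret must be correct, and a code must not be accepted twice.

```python
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_URL = "https://auth.example/authorize"   # assumed endpoint for the example


class AuthorizationServer:
    """In-memory authorization server for the authorization code flow.
    The resource owner's login and consent are assumed to have happened already."""

    def __init__(self):
        self.clients = {}   # client_id -> (client_secret, [registered redirect_uris])
        self.codes = {}     # code -> what it was issued for; popped on first use
        self.tokens = {}    # access_token -> (user, scope)

    def register_client(self, client_id, client_secret, redirect_uris):
        self.clients[client_id] = (client_secret, list(redirect_uris))

    def authorize(self, query, user):
        """GET /authorize: validate the request, mint a single-use code and build
        the redirect back to the client, echoing the client's state untouched."""
        client = self.clients.get(query.get("client_id"))
        if client is None:
            raise ValueError("invalid_client")
        if query.get("redirect_uri") not in client[1]:      # exact match, never a prefix match
            raise ValueError("invalid_request: redirect_uri not registered")
        if query.get("response_type") != "code":
            raise ValueError("unsupported_response_type")
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": query["client_id"], "redirect_uri": query["redirect_uri"],
                            "scope": query.get("scope", ""), "user": user,
                            "expires": time.time() + 60}          # short-lived
        params = {"code": code}
        if "state" in query:
            params["state"] = query["state"]
        return query["redirect_uri"] + "?" + urlencode(params)

    def token(self, form):
        """POST /token: authenticate the client, then exchange the code for a token."""
        if form.get("grant_type") != "authorization_code":
            raise ValueError("unsupported_grant_type")
        client = self.clients.get(form.get("client_id"))
        if client is None or not secrets.compare_digest(client[0], form.get("client_secret", "")):
            raise ValueError("invalid_client")
        record = self.codes.pop(form.get("code"), None)   # pop: a code is good exactly once
        if record is None:
            raise ValueError("invalid_grant: unknown or already used code")
        if record["expires"] < time.time():
            raise ValueError("invalid_grant: code expired")
        if record["client_id"] != form["client_id"] or record["redirect_uri"] != form.get("redirect_uri"):
            raise ValueError("invalid_grant: code bound to another client or redirect_uri")
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = (record["user"], record["scope"])
        return {"access_token": access_token, "token_type": "bearer",
                "expires_in": 3600, "scope": record["scope"]}


class WebAppClient:
    """The server-side web application: it holds its client_secret and the
    per-login state values on the server, never in the browser."""

    def __init__(self, server, client_id, client_secret, redirect_uri):
        self.server, self.client_id = server, client_id
        self.client_secret, self.redirect_uri = client_secret, redirect_uri
        self.pending_states = set()   # would live in the user's session in a real app

    def start_login(self, scope):
        state = secrets.token_urlsafe(16)   # unguessable; ties the callback to this attempt
        self.pending_states.add(state)
        return AUTHORIZE_URL + "?" + urlencode({
            "response_type": "code", "client_id": self.client_id,
            "redirect_uri": self.redirect_uri, "scope": scope, "state": state})

    def handle_callback(self, callback_url):
        q = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
        if q.get("state") not in self.pending_states:
            raise ValueError("state mismatch: CSRF or replayed callback")
        self.pending_states.discard(q["state"])   # each state is accepted once
        return self.server.token({"grant_type": "authorization_code", "code": q.get("code"),
                                  "redirect_uri": self.redirect_uri,
                                  "client_id": self.client_id, "client_secret": self.client_secret})


def _rejected(fn, *args):
    try:
        fn(*args)
        return False
    except ValueError:
        return True


def run_flow():
    """Drive one login end to end, then probe the checks that must hold."""
    srv = AuthorizationServer()
    srv.register_client("webapp", "s3cret", ["https://app.example/callback"])
    app = WebAppClient(srv, "webapp", "s3cret", "https://app.example/callback")
    auth_url = app.start_login("profile")
    query = {k: v[0] for k, v in parse_qs(urlparse(auth_url).query).items()}
    callback = srv.authorize(query, user="alice")        # the browser follows this redirect
    code = parse_qs(urlparse(callback).query)["code"][0]
    token = app.handle_callback(callback)
    good_form = {"grant_type": "authorization_code", "code": code,
                 "redirect_uri": "https://app.example/callback",
                 "client_id": "webapp", "client_secret": "s3cret"}
    return {
        "token": token,
        "user": srv.tokens[token["access_token"]][0],
        "callback_replay_rejected": _rejected(app.handle_callback, callback),
        "code_reuse_rejected": _rejected(srv.token, good_form),
        "wrong_secret_rejected": _rejected(srv.token, dict(good_form, client_secret="guess")),
        "bad_redirect_rejected": _rejected(srv.authorize,
                                           dict(query, redirect_uri="https://evil.example/callback"), "alice"),
    }


if __name__ == "__main__":
    print(run_flow())
```

The access token never passes through the browser in this flow; only the short-lived code does, which is why the client secret can be kept server-side and why the Client-Side Web Application Flow, which returns the token in the redirect itself, is the weaker of the two.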

The book also introduces OpenID Connect, which is a simple identity layer on top of OAuth 2.0. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.

Have you read this book? Let me know if it satisfied your expectations.
