Archives For OAuth 2.0


Getting to Know Azure Mobile App Cont.

Microsoft Azure Mobile App has recently gone GA (General Availability) and has definitely captured my attention. Mobile App is a tremendous accelerator that enables us to go from an idea to a functional prototype quickly. Then, we can continue to build on that initial investment to create a robust, production-ready app. Finally, this post is all about using Visual Studio Team Services (VSTS) to build and publish apps to HockeyApp, so that we can test and assess quality before our apps make it to our favorite app stores.

Refreshing Authentication Tokens

Authentication Tokens are short-lived, and having users log in to the App frequently causes friction. This is definitely undesirable and can be dealt with by identifying when a Token is no longer valid. When this condition is met, we can attempt to refresh the Authentication Token by calling the Azure App Service Token Store APIs.


Using PowerShell to Authenticate Against OAuth

From development to deployment, PowerShell is becoming the ‘go to’ automation technology on Microsoft Azure. So, I decided to use PowerShell to perform automated tests against a Web API (a.k.a REST service). These tests are built to run during the execution of a Continuous Release cycle and confirm that the API is responding as expected.



A couple of months ago I was asked to explain OAuth and I really did a horrible job at it. To be honest, I had used it without really digging into the details. Following tutorials and using existing SDKs and NuGet packages, I got by pretty well, but I wasn’t able to describe how it all worked.

OAuth is an open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications.

Recently, a requirement came up about authentication and authorization for a semi-public API. Remembering how I failed to answer the question the first time, I decided to get my hands on a short book that would bring me up to speed.

I bought "Getting Started with OAuth 2.0" by Ryan Boyd. In my opinion, it’s really a good place to start learning about OAuth 2.0. The book is short and to the point. It gives you a pretty good overview of the possible OAuth Flows, when to use them and which major OAuth provider currently supports them. The book is a little dated so you might want to refer to each of the provider’s documentation.

The OAuth 2.0 Authorization Framework enables a third-party application to obtain limited access to an HTTP service.

OAuth Flows Covered in This Book

  • Server-Side Web Application Flow
  • Client-Side Web Application Flow
  • Resource Owner Password Flow
  • Client Credentials Flow

The book also introduces OpenID Connect, which is a simple identity layer on top of OAuth 2.0. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.

Have you read this book? Let me know if it satisfied your expectations.
