Book Image

Mastering OAuth 2.0

Book Image

Mastering OAuth 2.0

Overview of this book

OAuth 2.0 is a powerful authentication and authorization framework that has been adopted as a standard in the technical community. Proper use of this protocol will enable your application to interact with the world's most popular service providers, allowing you to leverage their world-class technologies in your own application. Want to log your user in to your application with their Facebook account? Want to display an interactive Google Map in your application? How about posting an update to your user's LinkedIn feed? This is all achievable through the power of OAuth. With a focus on practicality and security, this book takes a detailed and hands-on approach to explaining the protocol, highlighting important pieces of information along the way. At the beginning, you will learn what OAuth is, how it works at a high level, and the steps involved in creating an application. After obtaining an overview of OAuth, you will move on to the second part of the book where you will learn the need for and importance of registering your application and types of supported workflows. You will discover more about the access token, how you can use it with your application, and how to refresh it after expiration. By the end of the book, you will know how to make your application architecture robust. You will explore the security considerations and effective methods to debug your applications using appropriate tools. You will also have a look at special considerations to integrate with OAuth service providers via native mobile applications. In addition, you will also come across support resources for OAuth and credentials grant.
Table of Contents (22 chapters)
Mastering OAuth 2.0
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
11
Tooling and Troubleshooting
Index

Step 2 – Get your access token


After you have registered your application, you are ready to fetch an access token. As we determined in Chapter 2, A Bird's Eye View of OAuth 2.0, the capabilities of your application affect the workflow that you use in this step. Your application could either be trusted, in which case it would use the authorization code grant flow. Or, it could be untrusted, and it would use the implicit grant flow. You could also use any of the other supported workflows described by the specification. This step would then look like this:

The successful completion of a grant flow would result in the acquisition of an access token. This access token can then be used to access a given protected resource. But before we describe how to use an access token, let's first look at what an access token really is.

A closer look at access tokens

Earlier in the book, we made the analogy of access tokens being like physical keys. This is an appropriate analogy in many ways. For instance, keys...