In this chapter, we discussed a lot of important topics relating to the security of your application. We looked at several best practices that should be observed when developing your application. It is important to be aware of all of these attack vectors, and mitigate any opportunities that you can for attackers to infiltrate your application. The best practices listed are good rules to follow, but they are not exhaustive. You should try and implement them all in your application. If you don't, at least have the understanding of the scenario so that you are prepared to deal with any attacks that may follow. We also looked at some of the most common attack scenarios on OAuth 2.0 clients, including methods to mitigate them. There are no silver bullets when it comes to security. All that we can do is try our best to plug any holes, and be vigilant in this effort as our application grows and evolves. In the next chapter, we will take a dedicated look at mobile applications and how they...
Mastering OAuth 2.0
Mastering OAuth 2.0
Overview of this book
OAuth 2.0 is a powerful authentication and authorization framework that has been adopted as a standard in the technical community. Proper use of this protocol will enable your application to interact with the world's most popular service providers, allowing you to leverage their world-class technologies in your own application. Want to log your user in to your application with their Facebook account? Want to display an interactive Google Map in your application? How about posting an update to your user's LinkedIn feed? This is all achievable through the power of OAuth.
With a focus on practicality and security, this book takes a detailed and hands-on approach to explaining the protocol, highlighting important pieces of information along the way.
At the beginning, you will learn what OAuth is, how it works at a high level, and the steps involved in creating an application. After obtaining an overview of OAuth, you will move on to the second part of the book where you will learn the need for and importance of registering your application and types of supported workflows. You will discover more about the access token, how you can use it with your application, and how to refresh it after expiration.
By the end of the book, you will know how to make your application architecture robust. You will explore the security considerations and effective methods to debug your applications using appropriate tools. You will also have a look at special considerations to integrate with OAuth service providers via native mobile applications. In addition, you will also come across support resources for OAuth and credentials grant.
Related Content you might be interested in
Current Title:
Mastering OAuth 2.0
No titles found
Table of Contents (22 chapters)
Mastering OAuth 2.0
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
Free Chapter
Why Should I Care About OAuth 2.0?
A Bird's Eye View of OAuth 2.0
Four Easy Steps
Register Your Application
Get an Access Token with the Client-Side Flow
Get an Access Token with the Server-Side Flow
Use Your Access Token
Refresh Your Access Token
Security Considerations
What About Mobile?
Tooling and Troubleshooting
Extensions to OAuth 2.0
Resource Owner Password Credentials Grant
Client Credentials Grant
Reference Specifications
Index
Customer Reviews