Book Image

Mastering OAuth 2.0

Book Image

Mastering OAuth 2.0

Overview of this book

OAuth 2.0 is a powerful authentication and authorization framework that has been adopted as a standard in the technical community. Proper use of this protocol will enable your application to interact with the world's most popular service providers, allowing you to leverage their world-class technologies in your own application. Want to log your user in to your application with their Facebook account? Want to display an interactive Google Map in your application? How about posting an update to your user's LinkedIn feed? This is all achievable through the power of OAuth. With a focus on practicality and security, this book takes a detailed and hands-on approach to explaining the protocol, highlighting important pieces of information along the way. At the beginning, you will learn what OAuth is, how it works at a high level, and the steps involved in creating an application. After obtaining an overview of OAuth, you will move on to the second part of the book where you will learn the need for and importance of registering your application and types of supported workflows. You will discover more about the access token, how you can use it with your application, and how to refresh it after expiration. By the end of the book, you will know how to make your application architecture robust. You will explore the security considerations and effective methods to debug your applications using appropriate tools. You will also have a look at special considerations to integrate with OAuth service providers via native mobile applications. In addition, you will also come across support resources for OAuth and credentials grant.
Table of Contents (22 chapters)
Mastering OAuth 2.0
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
11
Tooling and Troubleshooting
Index

Summary


In this chapter, we took a detailed look at the protocol for the implicit grant flow, noting the required and optional properties in the request as well as the required and optional properties in the response. We put this knowledge to use and implemented a real OAuth 2.0 flow using the implicit grant flow from an untrusted client that we created. After all that, we ended up with a valid Facebook access token. The next step is to then use this access token to make a request to Facebook to actually get the profile and feed data for us to use. We will cover this in Chapter 7, Use Your Access Token. But before we do that, we will first take a look at the same process of requesting an access token, but using the slightly more complex, but more secure, authorization code grant flow for server-side applications.