Table of Contents

Copyright

Brief Table of Contents

Table of Contents

Foreword

Preface

Acknowledgments

About this Book

About the Authors

About the Cover Illustration

1. First steps

Chapter 1. What is OAuth 2.0 and why should you care?

1.1. What is OAuth 2.0?

1.2. The bad old days: credential sharing (and credential theft)

1.3. Delegating access

1.3.1. Beyond HTTP Basic and the password-sharing antipattern

1.3.2. Authorization delegation: why it matters and how it’s used

1.3.3. User-driven security and user choice

1.4. OAuth 2.0: the good, the bad, and the ugly

1.5. What OAuth 2.0 isn’t

1.6. Summary

Chapter 2. The OAuth dance

2.1. Overview of the OAuth 2.0 protocol: getting and using tokens

2.2. Following an OAuth 2.0 authorization grant in detail

2.3. OAuth’s actors: clients, authorization servers, resource owners, and protected resources

2.4. OAuth’s components: tokens, scopes, and authorization grants

2.4.1. Access tokens

2.4.2. Scopes

2.4.3. Refresh tokens

2.4.4. Authorization grants

2.5. Interactions between OAuth’s actors and components: back channel, front channel, and endpoints

2.5.1. Back-channel communication

2.5.2. Front-channel communication

2.6. Summary

2. Building an OAuth 2 environment

Chapter 3. Building a simple OAuth client