Table of Contents

Brief Table of Contents

Table of Contents

Acknowledgments

About this Book

About the Authors

About the Cover Illustration

Chapter 1. What is OAuth 2.0 and why should you care?

1.1. What is OAuth 2.0?

1.2. The bad old days: credential sharing (and credential theft)

1.3. Delegating access

1.3.1. Beyond HTTP Basic and the password-sharing antipattern

1.3.2. Authorization delegation: why it matters and how it’s used

1.3.3. User-driven security and user choice

1.4. OAuth 2.0: the good, the bad, and the ugly

1.5. What OAuth 2.0 isn’t

Chapter 2. The OAuth dance

2.1. Overview of the OAuth 2.0 protocol: getting and using tokens

2.2. Following an OAuth 2.0 authorization grant in detail

2.3. OAuth’s actors: clients, authorization servers, resource owners, and protected resources

2.4. OAuth’s components: tokens, scopes, and authorization grants

2.4.1. Access tokens

2.4.3. Refresh tokens

2.4.4. Authorization grants

2.5. Interactions between OAuth’s actors and components: back channel, front channel, and endpoints

2.5.1. Back-channel communication

2.5.2. Front-channel communication

2. Building an OAuth 2 environment

Chapter 3. Building a simple OAuth client

@font-face { font-family: 'livebook'; src:url('https://d19npu3b8zepp3.cloudfront.net/assets/fonts/livebook.eot?1.9.0'); src:url('https://d19npu3b8zepp3.cloudfront.net/assets/fonts/livebook.eot?1.9.0') format('embedded-opentype'), url('https://d19npu3b8zepp3.cloudfront.net/assets/fonts/livebook.woff?1.9.0') format('woff'), url('https://d19npu3b8zepp3.cloudfront.net/assets/fonts/livebook.ttf?1.9.0') format('truetype'), url('https://d19npu3b8zepp3.cloudfront.net/assets/fonts/livebook.svg?1.9.0') format('svg'); font-weight: normal; font-style: normal; }