Copyright
Brief Table of Contents
Table of Contents
Foreword
Preface
Acknowledgments
About this Book
About the Authors
About the Cover Illustration
1. First steps
Chapter 1. What is OAuth 2.0 and why should you care?
1.1. What is OAuth 2.0?
1.2. The bad old days: credential sharing (and credential theft)
1.3. Delegating access
1.3.1. Beyond HTTP Basic and the password-sharing antipattern
1.3.2. Authorization delegation: why it matters and how it’s used
1.3.3. User-driven security and user choice
1.4. OAuth 2.0: the good, the bad, and the ugly
1.5. What OAuth 2.0 isn’t
1.6. Summary
Chapter 2. The OAuth dance
2.1. Overview of the OAuth 2.0 protocol: getting and using tokens
2.2. Following an OAuth 2.0 authorization grant in detail
2.3. OAuth’s actors: clients, authorization servers, resource owners, and protected resources
2.4. OAuth’s components: tokens, scopes, and authorization grants
2.4.1. Access tokens
2.4.2. Scopes
2.4.3. Refresh tokens
2.4.4. Authorization grants
2.5. Interactions between OAuth’s actors and components: back channel, front channel, and endpoints
2.5.1. Back-channel communication
2.5.2. Front-channel communication
2.6. Summary
2. Building an OAuth 2 environment
Chapter 3. Building a simple OAuth client