OAuth 2.0 Identity and Access Management Patterns


  • Build web, client-side, desktop, and server-side secure OAuth 2.0 client applications by utilizing the appropriate grant flow for the given scenario
  • Get to know the inner workings of OAuth 2.0 and learn how to handle and implement various authorization flows
  • Explore practical code examples that are executable as standalone applications running on top of Spring MVC

Book Details

Language : English
Paperback : 128 pages [ 235mm x 191mm ]
Release Date : November 2013
ISBN : 1783285591
ISBN 13 : 9781783285594
Author(s) : Martin Spasovski
Topics and Technologies : All Books, Application Development, Open Source

Table of Contents

Preface
Chapter 1: Need for OAuth 2.0
Chapter 2: Terms You Need To Know
Chapter 3: First Step for Your Application
Chapter 4: OAuth for Web Server Applications
Chapter 5: OAuth for Client-side Applications
Chapter 6: OAuth for Mobile Applications
Chapter 7: OAuth for Trusted Applications
Chapter 8: Security Considerations
Chapter 9: Additional Security with SAML
Chapter 10: Common Tools and Libraries
Appendix: OAuth 2.0 Resources
Index
  • Chapter 1: Need for OAuth 2.0
    • Why OAuth 2.0?
    • Benefits of OAuth 2.0
      • API security
      • Internal enterprise applications
      • Service integration and authorization delegation
      • Federated identity
      • Easier service monitoring
    • Summary
  • Chapter 2: Terms You Need To Know
    • Roles
      • Resource owner
      • Authorization server
      • Resource server
      • Client
    • Authorization flow
      • Abstract example
      • OAuth 2.0 grant flows
    • Tokens
      • Access token
      • Refresh token
    • Clients and endpoints
      • Client types and profiles
      • Endpoints
    • Access scope
    • Summary
  • Chapter 4: OAuth for Web Server Applications
    • Authorization code grant
      • Requesting the authorization code
        • Making the request
        • Successful authorization
        • Authorization error
      • Requesting the access token
        • Making the request
        • Successful response
    • Practical example
    • Summary
  • Chapter 7: OAuth for Trusted Applications
    • Resource owner password credentials grant
      • Requesting authorization
      • Successful authorization
      • Authorization error
    • Client credentials grant
      • Requesting authorization
      • Successful authorization
      • Authorization error
    • Practical example
      • Resource owner password credentials grant
      • Client credentials grant
    • Summary
  • Chapter 8: Security Considerations
    • What is there to be protected
    • OAuth 2.0 security features
      • Scope
      • Token lifetime
      • The refresh token
      • Authorization code
      • Redirect URI
      • State
      • Client identifier
    • Security considerations
      • Use TLS
      • Ensure web server application protection
      • Ensure mobile and desktop application protection
      • Utilize the state parameter
      • Use refresh tokens when available
      • Request the needed scope only
    • Summary
  • Chapter 9: Additional Security with SAML
    • SAML (2.0)
    • OAuth 2.0 assertions
      • Other assertion based specifications
    • OAuth 2.0 SAML bearer assertion grant flow
      • Preparing assertion
      • Requesting authorization
      • Successful authorization
      • Authorization error
    • OAuth 2.0 SAML assertions for client authentication
      • Requesting the access token
      • Authentication error
    • Summary
  • Appendix: OAuth 2.0 Resources
    • OAuth 2.0 specification
    • OAuth WG mailing list
    • OAuth 2.0 Threat Model and Security Considerations
    • The OAuth 2.0 Authorization Framework - Bearer Token Usage
    • Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
    • SAML 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants
    • OAuth website

Martin Spasovski

Martin Spasovski is a software development professional who builds JVM-based enterprise solutions. He has worked with various back-end technologies and architectures as well as various front-end technologies (from RCP to modern JavaScript web applications), and knows how to integrate both sides well. He prefers to work in the domain of data processing, software optimization, and custom solutions. He is a vocal open source and open standards supporter, a member of the local Java User Group JUGMK, and likes to research emerging technologies and give internal presentations at Seavus, the company he works for. His blog, contact information, and links to his public project repositories are at http://thisismartin.com.

What you will learn from this book

• Master the meaning of key terms used and defined in the OAuth 2.0 specification
• Create OAuth 2.0 web applications and learn the Authorization Code grant
• Generate client-side OAuth 2.0 applications and learn the Implicit grant
• Design OAuth 2.0 mobile applications with the Implicit and Authorization Code grants
• Develop trusted OAuth 2.0 applications and learn the Resource Owner Password Credentials grant and the Client Credentials grant
• Understand which security features OAuth 2.0 contains, what information is to be protected, and what precautions should be put in place
• Explore the basics of SAML 2.0 Assertions and how to use them as a means of additional security
• Know which tools and libraries are available for faster development


In Detail

OAuth 2.0 has become the most widely used authorization framework. It provides an easy-to-use sign-in mechanism and allows users to quickly and efficiently secure service APIs. It also provides a protection layer for assets so that third-party applications cannot access them directly. From service providers like Amazon and social media platforms like Facebook and Twitter to various internal enterprise solutions, OAuth 2.0 is the preferred standard for authorization.

OAuth 2.0 Identity and Access Management Patterns is a step-by-step guide to building secure web, client-side, desktop, and server-side OAuth 2.0 client applications by utilizing the appropriate authorization techniques. This book will help you handle and implement the various authorization flows for your chosen type of application. Furthermore, you will understand when and how OAuth 2.0 is used in enterprises for trusted and first-party applications. You will gain knowledge about the Resource Owner Password Credentials grant and the Client Credentials grant, and more importantly, you will understand how to implement them yourself with the help of practical code examples.

You will start by building various client applications step by step before moving on to client registration and implementing the various OAuth 2.0 authorization flows. You will also handle server responses carrying access tokens and errors. By the end of this book, you should understand precisely what it takes for these client applications to be secured.

This book covers each type of application: web, client-side, desktop, and trusted applications. In addition, you are shown how to implement the various authorization grant flows for each of these applications. You will uncover the security features that are part of OAuth 2.0. More importantly, the book demonstrates what information is transmitted during the execution of a flow, and which precautions can be taken. With OAuth 2.0 Identity and Access Management Patterns, you will be able to build a secure OAuth 2.0 client application with full confidence and will completely understand what data is exchanged when performing an authorization grant flow.

                         

Approach

This is a practical and fast-paced guide that gives you all the information you need to start implementing secure OAuth 2.0 grant flows for your application (be it a web, client-side, desktop, or server-side application).

Who this book is for

OAuth 2.0 Identity and Access Management Patterns is intended for software developers, software architects, and enthusiasts working with the OAuth 2.0 framework.

In order to learn and understand the OAuth 2.0 grant flows, it is assumed that you have some basic knowledge of HTTP communication. For the practical examples, basic knowledge of HTML templating, programming languages, and executing commands in a command-line terminal is assumed.
