OAuth 2.0 Identity and Access Management Patterns

Want to learn the world’s most widely used authorization framework? This tutorial will have you implementing secure Oauth 2.0 grant flows without delay. Written for practical application and clear instruction, it’s the complete guide.

OAuth 2.0 Identity and Access Management Patterns

Starting
Martin Spasovski

Want to learn the world’s most widely used authorization framework? This tutorial will have you implementing secure Oauth 2.0 grant flows without delay. Written for practical application and clear instruction, it’s the complete guide.
$20.99
$34.99
RRP $20.99
RRP $34.99
eBook
Print + eBook
$12.99 p/month

Want this title & more? Subscribe to PacktLib

Enjoy full and instant access to over 2000 books and videos – you’ll find everything you need to stay ahead of the curve and make sure you can always get the job done.
+ Collection
Free sample

Book Details

ISBN 139781783285594
Paperback128 pages

About This Book

  • Build web, client-side, desktop, and server-side secure OAuth 2.0 client applications by utilizing the appropriate grant flow for the given scenario
  • Get to know the inner workings of OAuth 2.0 and learn how to handle and implement various authorization flows
  • Explore practical code examples that are executable as standalone applications running on top of Spring MVC

Who This Book Is For

OAuth 2.0 Identity and Access Management Patterns is intended for software developers, software architects, and enthusiasts working with the OAuth 2.0 framework.

In order to learn and understand the OAuth 2.0 grant flow, it is assumed that you have some basic knowledge of HTTP communication. For the practical examples, basic knowledge of HTML templating, programming languages, and executing commands in the command line terminal is assumed.

 

Table of Contents

Chapter 1: Need for OAuth 2.0
Why OAuth 2.0?
Benefits of OAuth 2.0
Summary
Chapter 2: Terms You Need To Know
Roles
Authorization flow
Tokens
Clients and endpoints
Access scope
Summary
Chapter 3: First Step for Your Application
Client registration
Summary
Chapter 4: OAuth for Web Server Applications
Authorization code grant
Practical example
Summary
Chapter 5: OAuth for Client-side Applications
Implicit grant
Requesting authorization
Practical example
Summary
Chapter 6: OAuth for Mobile Applications
Custom URL scheme
Implicit grant example
Summary
Chapter 7: OAuth for Trusted Applications
Resource owner password credentials grant
Client credentials grant
Practical example
Summary
Chapter 8: Security Considerations
What is there to be protected
OAuth 2.0 security features
Security considerations
Summary
Chapter 9: Additional Security with SAML
SAML (2.0)
OAuth 2.0 assertions
OAuth 2.0 SAML bearer assertion grant flow
OAuth 2.0 SAML assertions for client authentication
Summary
Chapter 10: Common Tools and Libraries
Tools
Libraries
Summary

What You Will Learn

  • Master the meaning of key terms used and defined in the OAuth 2.0 specification
  • Create OAuth 2.0 web applications and learn the Authorization Code grant
  • Generate client-side OAuth 2.0 applications and learn the Implicit grant
  • Design OAuth 2.0 mobile applications with the Implicit and Authorization Code grants
  • Develop trusted OAuth 2.0 applications and learn the Resource Owner Password Credentials grant and the Client Credentials grant
  • Understand which security features OAuth 2.0 contains, what information is to be protected, and what precautions should be put in place
  • Explore the basics of SAML 2.0 Assertions and how to use them as a means of additional security
  • Know which tools and libraries are available for faster development

 

In Detail

OAuth 2.0 has become the most widely used authorization framework. It provides an easy-to-use sign-in mechanism and allows users to quickly and efficiently secure service APIs. It also provides a protection layer for assets so that various third-party applications cannot have direct access to them. From service providers like Amazon and social media platforms like Facebook and Twitter to various internal enterprise solutions, OAuth 2.0 is the preferred standard for authorization.

OAuth 2.0 Identity and Access Management Patterns is a step-by-step guide to build web, client-side, desktop, and server-side secure OAuth 2.0 client applications by utilizing the appropriate authorization techniques.. This book will help you handle and implement various authorization flows for your chosen type of application. Furthermore, you will understand when and how OAuth 2.0 is used in enterprises for trusted and first-party applications. You will gain knowledge about the Resource Owner Password Credentials grant and the Client Credentials grant, and more importantly, you will understand how to implement them yourself with the help of practical code examples.

You will start by making various client applications step-by-step before moving on to client registration and implementing various OAuth 2.0 authorization flows. Furthermore, you will also be handling server responses with access tokens and errors. By the end of this book, you should understand precisely what it takes for these client applications to be secured.

This book helps you cover each type of application: web, client-side, desktop, and trusted applications. In addition, you are also shown how to implement various authorization grant flows for each of these applications. You will uncover the security features that are a part of OAuth 2.0. More importantly, the book demonstrates what information is transmitted during the execution of a flow, and which precautions can be made. With OAuth 2.0 Identity and Access Management Patterns, you will be able to build a secure OAuth 2.0 client application with full confidence and will completely understand what data is exchanged when performing an authorization grant flow.

 

Authors

Table of Contents

Chapter 1: Need for OAuth 2.0
Why OAuth 2.0?
Benefits of OAuth 2.0
Summary
Chapter 2: Terms You Need To Know
Roles
Authorization flow
Tokens
Clients and endpoints
Access scope
Summary
Chapter 3: First Step for Your Application
Client registration
Summary
Chapter 4: OAuth for Web Server Applications
Authorization code grant
Practical example
Summary
Chapter 5: OAuth for Client-side Applications
Implicit grant
Requesting authorization
Practical example
Summary
Chapter 6: OAuth for Mobile Applications
Custom URL scheme
Implicit grant example
Summary
Chapter 7: OAuth for Trusted Applications
Resource owner password credentials grant
Client credentials grant
Practical example
Summary
Chapter 8: Security Considerations
What is there to be protected
OAuth 2.0 security features
Security considerations
Summary
Chapter 9: Additional Security with SAML
SAML (2.0)
OAuth 2.0 assertions
OAuth 2.0 SAML bearer assertion grant flow
OAuth 2.0 SAML assertions for client authentication
Summary
Chapter 10: Common Tools and Libraries
Tools
Libraries
Summary

Book Details

ISBN 139781783285594
Paperback128 pages
Read More

Recommended for You

Instant Autodesk AutoCAD 2014 Customization with .NET
$ 19.99
Autodesk AutoCAD 2013 Practical 3D Drafting and Design
$ 32.99
Hacking Vim: A Cookbook to get the Most out of the Latest Vim Editor
$ 13.20
Instant Spring for Android Starter
$ 14.99