OAuth 2.0 Cookbook

Efficiently integrate OAuth 2.0 to protect your mobile, desktop, Cloud applications and APIs using Spring Security technologies.

Adolfo Eloy Nascimento

Book Details

ISBN-13: 9781788295963
Paperback: 420 pages

Book Description

OAuth 2.0 is the standard protocol for authorization. It keeps client development simple while providing specific authorization flows for web applications, desktop applications, mobile phones, and so on. This book provides practical recipes for solving real-life problems with Spring Security and for building Android applications.

The book starts by showing you how to interact with public OAuth 2.0 protected APIs such as Facebook, LinkedIn and Google. You will then implement your own OAuth 2.0 provider with Spring Security OAuth2. Next, the book covers practical scenarios around important OAuth 2.0 profiles, including Dynamic Client Registration, Token Introspection, and revocation of issued access tokens. You will then be introduced to JWT and OpenID Connect, and learn how to safely implement native mobile OAuth 2.0 clients.

By the end of this book, you will be able to protect both the server and the client against common vulnerabilities.

Table of Contents

Chapter 1: OAuth 2.0 Foundations
Introduction
Preparing the environment
Reading the user's contacts from Facebook on the client side
Reading the user's contacts from Facebook on the server side
Accessing OAuth 2.0 LinkedIn protected resources
Accessing OAuth 2.0 Google protected resources bound to the user's session
Chapter 2: Implementing Your Own OAuth 2.0 Provider
Introduction
Protecting resources using the Authorization Code grant type
Supporting the Implicit grant type
Using the Resource Owner Password Credentials grant type as an approach for OAuth 2.0 migration
Configuring the Client Credentials grant type
Adding support for refresh tokens
Using a relational database to store tokens and client details
Using Redis as a token store
Implementing client registration
Breaking the OAuth 2.0 Provider in the middle
Using Gatling to load test the token validation process using shared databases
Chapter 3: Using OAuth 2.0 Protected APIs
Introduction
Creating an OAuth 2.0 client using the Authorization Code grant type
Creating an OAuth 2.0 client using the Implicit grant type
Creating an OAuth 2.0 client using the Resource Owner Password Credentials grant type
Creating an OAuth 2.0 client using the Client Credentials grant type
Managing refresh tokens on the client side
Accessing an OAuth 2.0 protected API with RestTemplate
Chapter 4: OAuth 2.0 Profiles
Introduction
Revoking issued tokens
Remote validation using token introspection
Improving performance using cache for remote validation
Using Gatling to load test remote token validation
Dynamic client registration
Chapter 5: Self Contained Tokens with JWT
Introduction
Generating access tokens as JWT
Validating JWT tokens at the Resource Server side
Adding custom claims on JWT
Asymmetric signing of a JWT token
Validating asymmetric signed JWT token
Using JWE to cryptographically protect JWT tokens
Using JWE at the Resource Server side
Using proof-of-possession key semantics on OAuth 2.0 Provider
Using proof-of-possession key on the client side
Chapter 6: OpenID Connect for Authentication
Introduction
Authenticating Google's users through Google OpenID Connect
Obtaining user information from Identity Provider
Using Facebook to authenticate users
Using Google OpenID Connect with Spring Security 5
Using Microsoft and Google OpenID providers together with Spring Security 5
Chapter 7: Implementing Mobile Clients
Introduction
Preparing an Android development environment
Creating an Android OAuth 2.0 client using an Authorization Code with the system browser
Creating an Android OAuth 2.0 client using the Implicit grant type with the system browser
Creating an Android OAuth 2.0 client using the embedded browser
Using the Password grant type for client apps provided by the OAuth 2 server
Protecting an Android client with PKCE
Using dynamic client registration with mobile applications
Chapter 8: Avoiding Common Vulnerabilities
Introduction
Validating the Resource Server audience
Protecting Resource Server with scope validation
Binding scopes with user roles to protect user's resources
Protecting the client against Authorization Code injection
Protecting the Authorization Server from invalid redirection

What You Will Learn

  • Use Redis and relational databases to store issued access tokens and refresh tokens
  • Access resources protected by the OAuth2 Provider using Spring Security
  • Implement a web application that dynamically registers itself to the Authorization Server
  • Improve the safety of your mobile client using dynamic client registration
  • Protect your Android client with Proof Key for Code Exchange
  • Protect the Authorization Server from invalid redirection
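Two of the items above, PKCE for the Android client and redirect validation on the Authorization Server, are the checks that stop an attacker who can observe or intercept the authorization code from redeeming it. The following is an added, language-agnostic illustration of both and is not code from the book (which builds these on Spring Security OAuth2); the in-memory `AuthorizationServer`, the client id `mobile-app` and the redirect URI `com.example.app:/oauth2redirect` are made-up stand-ins, and `run_demo` is a hypothetical driver that exercises the happy path and the failure modes.

```python
"""PKCE (RFC 7636) plus exact-match redirect_uri checking, end to end.

Added illustration, not code from the OAuth 2.0 Cookbook. The in-memory
AuthorizationServer is a stand-in for a real provider (the book uses Spring
Security OAuth2); the client id and redirect URI are made-up sample values.
"""
import base64
import hashlib
import hmac
import secrets


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding RFC 7636 mandates."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(nbytes: int = 32) -> str:
    """Random verifier; 32..96 bytes encode to the 43..128 characters the RFC allows."""
    if not 32 <= nbytes <= 96:
        raise ValueError("code_verifier must be 43-128 characters long")
    return b64url(secrets.token_bytes(nbytes))


def make_code_challenge(verifier: str) -> str:
    """S256 method: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


class AuthorizationServer:
    """Only the parts that matter here: client registry, /authorize, /token."""

    def __init__(self, clients):
        self._clients = clients   # client_id -> registered redirect_uri (exact string)
        self._codes = {}          # code -> (client_id, code_challenge); single use

    def authorize(self, client_id, redirect_uri, code_challenge, code_challenge_method="S256"):
        # Exact string comparison: no prefix matching, no wildcard hosts, no open redirect.
        if self._clients.get(client_id) != redirect_uri:
            raise ValueError("invalid_request: redirect_uri does not match registration")
        # Public (mobile) clients must use S256; 'plain' hands the verifier to an interceptor.
        if code_challenge_method != "S256":
            raise ValueError("invalid_request: only the S256 code_challenge_method is accepted")
        code = b64url(secrets.token_bytes(24))
        self._codes[code] = (client_id, code_challenge)
        return code

    def token(self, client_id, code, code_verifier):
        entry = self._codes.pop(code, None)   # consumed on first presentation, valid or not
        if entry is None or entry[0] != client_id:
            return None                       # unknown, replayed, or another client's code
        if not 43 <= len(code_verifier) <= 128:
            return None
        expected = make_code_challenge(code_verifier)
        if not hmac.compare_digest(expected, entry[1]):
            return None                       # invalid_grant: verifier does not match challenge
        return {"access_token": b64url(secrets.token_bytes(32)), "token_type": "Bearer"}


def run_demo():
    """Drive the happy path and the failure modes; returns a dict the caller can check."""
    srv = AuthorizationServer({"mobile-app": "com.example.app:/oauth2redirect"})
    uri = "com.example.app:/oauth2redirect"
    results = {}

    # 1. Honest client: keeps the verifier in memory, only the challenge crosses the browser.
    v = make_code_verifier()
    code = srv.authorize("mobile-app", uri, make_code_challenge(v))
    results["legit"] = srv.token("mobile-app", code, v)

    # 2. A malicious app on the same device grabs the code from the custom-scheme redirect
    #    but never saw the verifier and cannot invert SHA-256 to recover it.
    v2 = make_code_verifier()
    code2 = srv.authorize("mobile-app", uri, make_code_challenge(v2))
    results["intercepted"] = srv.token("mobile-app", code2, make_code_verifier())

    # 3. Replaying an already redeemed code fails even with the right verifier.
    v3 = make_code_verifier()
    code3 = srv.authorize("mobile-app", uri, make_code_challenge(v3))
    srv.token("mobile-app", code3, v3)
    results["replayed"] = srv.token("mobile-app", code3, v3)

    # 4. Attacker-controlled redirect_uri and the 'plain' method are both refused up front.
    try:
        srv.authorize("mobile-app", "https://attacker.example/cb", make_code_challenge(v))
        results["bad_redirect_rejected"] = False
    except ValueError:
        results["bad_redirect_rejected"] = True
    try:
        srv.authorize("mobile-app", uri, v, code_challenge_method="plain")
        results["plain_rejected"] = False
    except ValueError:
        results["plain_rejected"] = True
    return results


if __name__ == "__main__":
    print(run_demo())
```

Two design choices worth noting: the code is removed from the store on its first presentation whether or not the verifier matches, so an interceptor's failed attempt also burns it rather than leaving it available for a later guess, and the challenge comparison uses `hmac.compare_digest` so the check does not leak timing information about how many leading characters matched.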
