Getting started with OAuth 2.0 /

Whether you develop web applications or mobile apps, the OAuth 2.0 protocol will save a lot of headaches. This concise introduction shows you how OAuth provides a single authorization technology across numerous APIs on the Web, so you can securely access users' data--such as user profiles, phot...

Descripción completa

Detalles Bibliográficos
Clasificación:Libro Electrónico
Autor principal: Boyd, Ryan
Formato: Electrónico eBook
Idioma:Inglés
Publicado: Sebastopol, CA : O'Reilly, ©2012.
Edición:1st ed.
Temas:
OAuth.
Application program interfaces (Computer software)
World Wide Web > Security measures.
Web services > Access control.
Data protection.
Interfaces de programmation d'applications.
Web > Sécurité > Mesures.
Services Web > Accès > Contrôle.
Protection de l'information (Informatique)
APIs (interfaces)
EDUCATION > Computers & Technology.
Acceso en línea:Texto completo (Requiere registro previo con correo institucional)
Tabla de Contenidos:
  • Table of Contents; Preface; Conventions Used in This Book; Using Code Examples; Safari® Books Online; How to Contact Us; Acknowledgments; Chapter 1. Introduction; How OAuth Was Born; Why Developers Should Care About OAuth; Why Don't These APIs Just Use Passwords for Authorization?; Terminology; Authentication; Federated Authentication; Authorization; Delegated Authorization; Roles; The Great Debate over Signatures; Mitigating Concerns with Bearer Tokens; Signing Your OAuth 2.0 Requests; Getting the key; Making API requests; Developer and Application Registration.
  • Why Is Registration Necessary?Client Profiles, Access Tokens, and Authorization Flows; Client Profiles; Access Tokens; Authorization Flows; Chapter 2. Server-Side Web Application Flow; When Should the Authorization Code Flow Be Used?; Security Properties; User Experience; Step-by-Step; Step 1: Let the user know what you're doing and request authorization; Error handling; Step 2: Exchange authorization code for an access token; Why both access tokens and refresh tokens?; Step 3: Call the API; Error handling; Step 4a: Refresh the access token; Step 4b: Obtaining a new access token.
  • How Can Access Be Revoked?Chapter 3. Client-Side Web Applications Flow; When Should the Implicit Grant Flow Be Used?; Limitations of the Implicit Grant Flow; Security Properties; User Experience; Step-by-Step; Step 1: Let the user know what you're doing and request authorization; Error handling; Step 2: Parsing the access token from the URL; Step 3: Call the API; Step 4: Refreshing the access token; How Can Access Be Revoked?; Chapter 4. Resource Owner Password Flow; When Should the Resource Owner Password Flow Be Used?; Security Properties; User Experience; Step-by-Step.
  • Step 1: Ask the user for their credentialsStep 2: Exchange the credentials for an access token; Step 3: Call the API; Step 4: Refresh the access token; Chapter 5. Client Credentials Flow; When Should the Client Credentials Flow Be Used?; What APIs Support the Client Credentials Flow?; How Does the Client Authenticate?; Security Properties; Step-by-Step; Step 1: Exchange the application's credentials for an access token; Step 2: Call the API; When the Access Token Expires; Chapter 6. Getting Access to User Data from Mobile Apps; Why You Should Use OAuth for Native Mobile Apps.
  • What Flow Should Be Used for Native Mobile Apps?Do You Have a Mobile Backend Web Server for Your Application?; The (Ugly) Web Browser; Embedded WebView; System Web Browser; Enhanced Mobile App Authorization for Specific Providers; For Google; For Facebook; Chapter 7. OpenID Connect Authentication; ID Token; Security Properties; Obtaining User Authorization; Check ID Endpoint; UserInfo Endpoint; Performance Improvements; Practical OpenID Connect; For Google; For Facebook; OpenID Connect Evolution; Chapter 8. Tools and Libraries; Google's OAuth 2.0 Playground; Google's TokenInfo Endpoint.

Ejemplares similares