OAuth 2.0 Cookbook

  • Length: 329 pages
  • Edition: 1
  • Publisher:
  • Publication Date: 2018-01-09
  • ISBN-10: 178829596X
  • ISBN-13: 9781788295963
  • Sales Rank: #2825515
Description

Key Features

  • Enhance your application’s security no matter the platform with OAuth 2.0
  • Leverage OAuth 2.0 to protect your APIs and to access and secure your application’s data
  • A recipe-based guide that will teach you to build an OAuth 2.0 environment for your mobile, desktop, and cloud applications.

Book Description

OAuth 2.0 is a standard protocol for authorization, and it focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and so on. Given the documentation available for the OAuth specification, you may think that it is complex; however, this book promises to explain the overall capabilities of OAuth 2.0 in simple terms. It focuses on providing specific authorization flows for various applications through interesting recipes. It also provides useful recipes for solving real-life problems using Spring Security OAuth2.

The book starts by laying a strong foundation for setting up your environment by showing you how the code samples work. You will be able to implement your own OAuth 2.0 provider with Spring Security, creating the authorization server and resource server as a single application as well as separate applications. Next, the book will cover practical scenarios regarding some important OAuth 2.0 profiles and how to use each of them. You will then be introduced to the usage of JWT as a token type and master the art of using it effectively in distinct situations. Next, the book explains why OAuth 2.0 isn’t an authentication protocol, followed by step-by-step instructions on logging in to your application using your Yahoo and PayPal accounts. Finally, you will learn to prepare the Android development environment with Android Studio and also improve the safety of your mobile client. By the end of this book, you will be able to ensure that both the server and client are protected against common vulnerabilities.

What you will learn

  • Use Redis and a relational database to store issued access tokens and refresh tokens
  • Access the resources protected by the OAuth2 Provider using Spring Security
  • Implement a web application that dynamically registers itself to the Authorization Server
  • Improve the safety of your mobile client using dynamic client registration
  • Prepare your Android development environment with Android Studio
  • Protect the Authorization Server from invalid redirection

Table of Contents

Chapter 1. OAuth 2.0 Foundations
Chapter 2. Implementing Your Own OAuth 2.0 Provider
Chapter 3. Using OAuth 2.0 Protected APIs
Chapter 4. OAuth 2.0 Profiles
Chapter 5. Self Contained Tokens With JWT
Chapter 6. OpenID Connect For Authentication
Chapter 7. Implementing Mobile Clients
Chapter 8. Avoiding Common Vulnerabilities
