OAuth 2.0 Identity and Access Management Patterns. Want to learn the world's most widely used authorization framework? This tutorial will have you implementing secure Oauth 2.0 grant flows without delay. Written for practical application and clear instruc - Helion

ebook

Autor: Martin Spasovski
Tytuł oryginału: OAuth 2.0 Identity and Access Management Patterns. Want to learn the world's most widely used authorization framework? This tutorial will have you implementing secure Oauth 2.0 grant flows without delay. Written for practical application and clear instruc
ISBN: 9781783285600
stron: 128, Format: ebook
Data wydania: 2013-11-25
Księgarnia: Helion

Cena książki: 99,90 zł

Osoby, które kupiły tę książkę, wybierały także »

OAuth 2.0 has become the most widely used authorization framework. It provides an easy-to-use sign-in mechanism and allows users to quickly and efficiently secure service APIs. It also provides a protection layer for assets so that various third-party applications cannot have direct access to them. From service providers like Amazon and social media platforms like Facebook and Twitter to various internal enterprise solutions, OAuth 2.0 is the preferred standard for authorization.OAuth 2.0 Identity and Access Management Patterns is a step-by-step guide to build web, client-side, desktop, and server-side secure OAuth 2.0 client applications by utilizing the appropriate authorization techniques.. This book will help you handle and implement various authorization flows for your chosen type of application. Furthermore, you will understand when and how OAuth 2.0 is used in enterprises for trusted and first-party applications. You will gain knowledge about the Resource Owner Password Credentials grant and the Client Credentials grant, and more importantly, you will understand how to implement them yourself with the help of practical code examples.You will start by making various client applications step-by-step before moving on to client registration and implementing various OAuth 2.0 authorization flows. Furthermore, you will also be handling server responses with access tokens and errors. By the end of this book, you should understand precisely what it takes for these client applications to be secured.

This book helps you cover each type of application: web, client-side, desktop, and trusted applications. In addition, you are also shown how to implement various authorization grant flows for each of these applications. You will uncover the security features that are a part of OAuth 2.0. More importantly, the book demonstrates what information is transmitted during the execution of a flow, and which precautions can be made. With OAuth 2.0 Identity and Access Management Patterns, you will be able to build a secure OAuth 2.0 client application with full confidence and will completely understand what data is exchanged when performing an authorization grant flow.

Osoby które kupowały "OAuth 2.0 Identity and Access Management Patterns. Want to learn the world's most widely used authorization framework? This tutorial will have you implementing secure Oauth 2.0 grant flows without delay. Written for practical application and clear instruc", wybierały także:

Windows Media Center. Domowe centrum rozrywki 66,67 zł, (8,00 zł -88%)
Ruby on Rails. Ćwiczenia 18,75 zł, (3,00 zł -84%)
DevOps w praktyce. Kurs video. Jenkins, Ansible, Terraform i Docker 190,00 zł, (39,90 zł -79%)
Przywództwo w świecie VUCA. Jak być skutecznym liderem w niepewnym środowisku 58,64 zł, (12,90 zł -78%)
Scrum. O zwinnym zarządzaniu projektami. Wydanie II rozszerzone 58,64 zł, (12,90 zł -78%)

Spis treści

OAuth 2.0 Identity and Access Management Patterns. Want to learn the world's most widely used authorization framework? This tutorial will have you implementing secure Oauth 2.0 grant flows without delay. Written for practical application and clear instruction, it's the complete guide eBook -- spis treści

OAuth 2.0 Identity and Access Management Patterns
- Table of Contents
- OAuth 2.0 Identity and Access Management Patterns
- Credits
- About the Author
- About the Reviewers
- www.PacktPub.com
  - Support files, eBooks, discount offers and more
    - Why Subscribe?
    - Free Access for Packt account holders
- Preface
  - What this book covers
  - What you need for this book
  - Who this book is for
  - Conventions
  - Reader feedback
  - Customer support
    - Downloading the example code
    - Errata
    - Piracy
    - Questions
- 1. Need for OAuth 2.0
  - Why OAuth 2.0?
  - Benefits of OAuth 2.0
    - API security
    - Internal enterprise applications
    - Service integration and authorization delegation
    - Federated identity
    - Easier service monitoring
  - Summary
- 2. Terms You Need To Know
  - Roles
    - Resource owner
    - Authorization server
    - Resource server
    - Client
  - Authorization flow
    - Abstract example
    - OAuth 2.0 grant flows
  - Tokens
    - Access token
    - Refresh token
  - Clients and endpoints
    - Client types and profiles
    - Endpoints
  - Access scope
  - Summary
- 3. First Step for Your Application
  - Client registration
  - Summary
- 4. OAuth for Web Server Applications
  - Authorization code grant
    - Requesting the authorization code
      - Making the request
      - Successful authorization
      - Authorization error
    - Requesting the access token
      - Making the request
      - Successful response
  - Practical example
  - Summary
- 5. OAuth for Client-side Applications
  - Implicit grant
  - Requesting authorization
    - Successful authorization
    - Authorization error
  - Practical example
  - Summary
- 6. OAuth for Mobile Applications
  - Custom URL scheme
    - Android
    - iOS
  - Implicit grant example
    - Requesting authorization
    - Successful authorization
    - Authorization error
  - Summary
- 7. OAuth for Trusted Applications
  - Resource owner password credentials grant
    - Requesting authorization
    - Successful authorization
    - Authorization error
  - Client credentials grant
    - Requesting authorization
    - Successful authorization
    - Authorization error
  - Practical example
    - Resource owner password credentials grant
    - Client credentials grant
  - Summary
- 8. Security Considerations
  - What is there to be protected
  - OAuth 2.0 security features
    - Scope
    - Token lifetime
    - The refresh token
    - Authorization code
    - Redirect URI
    - State
    - Client identifier
  - Security considerations
    - Use TLS
    - Ensure web server application protection
    - Ensure mobile and desktop application protection
    - Utilize the state parameter
    - Use refresh tokens when available
    - Request the needed scope only
  - Summary
- 9. Additional Security with SAML
  - SAML (2.0)
  - OAuth 2.0 assertions
    - Other assertion based specifications
  - OAuth 2.0 SAML bearer assertion grant flow
    - Preparing assertion
    - Requesting authorization
    - Successful authorization
    - Authorization error
  - OAuth 2.0 SAML assertions for client authentication
    - Requesting the access token
    - Authentication error
  - Summary
- 10. Common Tools and Libraries
  - Tools
    - OAuth 2.0 Playground
    - RESTClient
    - Postman
  - Libraries
    - C#
    - Clojure
    - Go
    - Java
    - JavaScript
    - Objective-C
    - Perl
    - PHP
    - Python
    - Ruby
    - Scala
  - Summary
- A. OAuth 2.0 Resources
  - OAuth 2.0 specification
  - OAuth WG mailing list
  - OAuth 2.0 Threat Model and Security Considerations
  - The OAuth 2.0 Authorization Framework - Bearer Token Usage
  - Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
  - SAML 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants
  - OAuth website
- Index