Please note: In order to keep Hive up to date and provide users with the best features, we are no longer able to fully support Internet Explorer. The site is still available to you, however some sections of the site may appear broken. We would encourage you to move to a more modern browser like Firefox, Edge or Chrome in order to experience the site fully.

OAuth 2 in Action, EPUB eBook

OAuth 2 in Action EPUB


Please note: eBooks can only be purchased with a UK issued credit card and all our eBooks (ePub and PDF) are DRM protected.


Provides pragmatic guidance on what to do ... and what not to do. - From the Foreword by Ian Glazer, Salesforce

OAuth 2 in Action teaches you the practical use and deployment of this HTTP-based protocol from the perspectives of a client, authorization server, and resource server. Youll learn how to confidently and securely build and deploy OAuth on both the client and server sides. Foreword by Ian Glazer.

Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.

About the Technology

Think of OAuth 2 as the web version of a valet key. It is an HTTP-based security protocol that allows users of a service to enable applications to use that service on their behalf without handing over full control. And OAuth is used everywhere, from Facebook and Google, to startups and cloud services.

About the Book

OAuth 2 in Action teaches you practical use and deployment of OAuth 2 from the perspectives of a client, an authorization server, and a resource server. Youll begin with an overview of OAuth and its components and interactions. Next, youll get hands-on and build an OAuth client, an authorization server, and a protected resource. Then youll dig into tokens, dynamic client registration, and more advanced topics. By the end, youll be able to confidently and securely build and deploy OAuth on both the client and server sides.

Whats Inside

  • Covers OAuth 2 protocol and design
  • Authorization with OAuth 2
  • OpenID Connect and User-Managed Access
  • Implementation risks
  • JOSE, introspection, revocation, and registration
  • Protecting and accessing REST APIs

About the Reader

Readers need basic programming skills and knowledge of HTTP and JSON.

About the Author

Justin Richer is a systems architect and software engineer. Antonio Sanso is a security software engineer and a security researcher. Both authors contribute to open standards and open source.

Table of Contents

  1. What is OAuth 2.0 and why should you care?
  2. The OAuth dance
  3. Building a simple OAuth client
  4. Building a simple OAuth protected resource
  5. Building a simple OAuth authorization server
  6. OAuth 2.0 in the real world
  7. Common client vulnerabilities
  8. Common protected resources vulnerabilities
  9. Common authorization server vulnerabilities
  10. Common OAuth token vulnerabilities
  11. OAuth tokens
  12. Dynamic client registration
  13. User authentication with OAuth 2.0
  14. Protocols and profiles using OAuth 2.0
  15. Beyond bearer tokens
  16. Summary and conclusions

Part 1 - First steps

Part 2 - Building an OAuth 2 environment

Part 3 - OAuth 2 implementation and vulnerabilities

Part 4 - Taking OAuth further


Other Formats


Also by Justin Richer