OAuth 2 in Action
D**G
From Worst to First
When my boss told me I was issuing a token to myself I knew I needed help. There I was needing to secure an API using Azure AD with no prior web authentication experience other than “we look up your hashed password in a database”. I didn’t know where to even begin! As it turned out I had to ask for help with the assignment but I knew I would need to brush up on this topic later on in my career. Fast forward a few months and I decided to pick up this book. I read every chapter and completed all the examples and I now feel like a true expert. In all honesty, the OAuth 2.0 flows themselves are not complex and their power lies in their simplicity, but this book does a great job at keeping a good pace and covers all the concepts thoroughly with consideration of the “why” and not just the “how”. I recommend reading the entire book for anyone that wants to have a solid grasp on OAuth but a crash course can be obtained by just reading parts one and two. I will say I was burned out by the time I reached chapters 14-15. They were simply too complex for me to retain at the time, but I am going to circle back and reread those chapters in the future. One other technical issue is the shipped code does not work with the latest NoSQL npm package so I had to find a workaround to get the assignments to work properly. If you were like me faced with securing an API and don’t know the difference between an access code and a token, pick this up right now!
H**R
Comprehensive and accessible OAuth resource
This is not only the most comprehensive book available about OAuth but it is also the most accessible, which is a neat trick to pull off. Justin and Antonio expertly guide the reader by providing an overview of what OAuth is by talking about why it came to be and what it was meant to solve. They describe the flow between all of the different players in the framework followed by dedicated chapters for each one of those participants before presenting the reader with more advanced topics. One of those is easily the best description ever written about dynamic client registration, which I have referred to many times in our own implementation. As a cybersecurity architect, I particularly appreciate the 50 pages of detailed discussion about common vulnerabilities of different parts of the system. It’s a fantastic resource that you’ll not only refer to again and again, but also a resource to lend to those new identity professionals that you’re trying to grow.
Y**K
Don't think, add to cart and check out!
Folks did a great job! Please write one more book on Open ID Connect, I'll buy it! I see that js is not the primary language of the authors, or the usage of js was intentionally simplified since some readers might not be familiar with js. It was a good surprise that the book is in js. I like js. I will monitor and buy all the next editions of that great book! Also, the authors linked many good articles about security. I was thinking about reading a web hacker book first before this one, but changed my mind because of the need to use oauth2 on the project. I don't regret it, since the book is really clear.
N**.
A great buy
If you need a comprehensive OAuth guide, look no further.
R**R
Best Software Book I Ever Bought
This is a really good book. Includes both message passing images and packet content. Well organized. I have bought a lot of software books but this is the best I have ever seen. If you need to know OAuth2 this is your ticket to ride. The page count is higher than other books because they included the transition drawings.
J**N
Concise and well written
Great book, concise and very well written. Examples are well written and explained very well. If you're looking for a thorough overview of OAuth 2 with some nice examples then this is the right book for you.
P**R
Buy it if you are new to OAuth 2
Bought the book to understand the standard. It covered the basics as well as introducing some extended classes like Open ID. Book came with code examples. Well worth the money. Easier to dive into than the standards themselves.
W**M
A must have for your security reference library
This book provides all of the details for you to understand and work with OAuth 2.0. The lab exercises supplied with the book really accentuate the information. This is a definite must have resource for both developers and credential management security experts.
C**N
If you want to understand OAuth, this book is for you
Excellent book, clear and concise explanations; it provides fairly broad knowledge of what OAuth is and how it works.
Y**N
Great book for anyone who wants to learn OAuth!
This is a great book for anyone who wants to learn OAuth. This book has made a complex topic easy to digest. I have some exposure to OAuth/OIDC but there are some pieces that are always vague. After reading this book that vagueness went away. If you are new to OAuth/OIDC this book is definitely worth the time and effort.
O**A
PERFECT
Very useful as a supplement for studies
D**R
A very good book
The first 2 chapters give a very good insight into how OAuth itself works. After that, the knowledge is deepened with further explanations, accompanied by practical exercises. The exercises extend an existing nodejs project that is available on github. The solutions are included in the exercise project and can be compared with your own solution. In addition to using OAuth in a web project, there are also some exercises on how to use OAuth in a mobile project. For this you work with an Apache Cordova project. What is very well done is the discussion of the security of OAuth and which steps must be taken to ensure it.
K**D
Top resource for OAuth2
This is the clearest book and description on OAuth2, examples are javascript but used as pseudo code which clearly explain coding to programmers. For example the section on introspection explained how to use it, when to use, why to use and when I wouldn't necessarily use it. I've not found any other source that covers all this together.