万本电子书0元读

万本电子书0元读

顶部广告

OAuth 2.0 Identity and Access Management Patterns电子书

售       价:¥

22人正在读 | 0人评论 9.8

作       者:Martin Spasovski

出  版  社:Packt Publishing

出版时间:2013-11-25

字       数:60.9万

所属分类: 进口书 > 外文原版书 > 电脑/网络

温馨提示:此类商品不支持退换货,不支持下载打印

为你推荐

  • 读书简介
  • 目录
  • 累计评论(0条)
  • 读书简介
  • 目录
  • 累计评论(0条)
This is a practical and fast-paced guide that gives you all the information you need to start implementing secure OAuth 2.0 implementations in your web applications.OAuth 2.0 Identity and Access Management Patterns is intended for software developers, software architects, and enthusiasts working with the OAuth 2.0 framework. In order to learn and understand the OAuth 2.0 grant flow, it is assumed that you have some basic knowledge of HTTP communication. For the practical examples, basic knowledge of HTML templating, programming languages, and executing commands in the command line terminal is assumed.
目录展开

OAuth 2.0 Identity and Access Management Patterns

Table of Contents

OAuth 2.0 Identity and Access Management Patterns

Credits

About the Author

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers and more

Why Subscribe?

Free Access for Packt account holders

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the example code

Errata

Piracy

Questions

1. Need for OAuth 2.0

Why OAuth 2.0?

Benefits of OAuth 2.0

API security

Internal enterprise applications

Service integration and authorization delegation

Federated identity

Easier service monitoring

Summary

2. Terms You Need To Know

Roles

Resource owner

Authorization server

Resource server

Client

Authorization flow

Abstract example

OAuth 2.0 grant flows

Tokens

Access token

Refresh token

Clients and endpoints

Client types and profiles

Endpoints

Access scope

Summary

3. First Step for Your Application

Client registration

Summary

4. OAuth for Web Server Applications

Authorization code grant

Requesting the authorization code

Making the request

Successful authorization

Authorization error

Requesting the access token

Making the request

Successful response

Practical example

Summary

5. OAuth for Client-side Applications

Implicit grant

Requesting authorization

Successful authorization

Authorization error

Practical example

Summary

6. OAuth for Mobile Applications

Custom URL scheme

Android

iOS

Implicit grant example

Requesting authorization

Successful authorization

Authorization error

Summary

7. OAuth for Trusted Applications

Resource owner password credentials grant

Requesting authorization

Successful authorization

Authorization error

Client credentials grant

Requesting authorization

Successful authorization

Authorization error

Practical example

Resource owner password credentials grant

Client credentials grant

Summary

8. Security Considerations

What is there to be protected

OAuth 2.0 security features

Scope

Token lifetime

The refresh token

Authorization code

Redirect URI

State

Client identifier

Security considerations

Use TLS

Ensure web server application protection

Ensure mobile and desktop application protection

Utilize the state parameter

Use refresh tokens when available

Request the needed scope only

Summary

9. Additional Security with SAML

SAML (2.0)

OAuth 2.0 assertions

Other assertion based specifications

OAuth 2.0 SAML bearer assertion grant flow

Preparing assertion

Requesting authorization

Successful authorization

Authorization error

OAuth 2.0 SAML assertions for client authentication

Requesting the access token

Authentication error

Summary

10. Common Tools and Libraries

Tools

OAuth 2.0 Playground

RESTClient

Postman

Libraries

C#

Clojure

Go

Java

JavaScript

Objective-C

Perl

PHP

Python

Ruby

Scala

Summary

A. OAuth 2.0 Resources

OAuth 2.0 specification

OAuth WG mailing list

OAuth 2.0 Threat Model and Security Considerations

The OAuth 2.0 Authorization Framework - Bearer Token Usage

Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants

SAML 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants

OAuth website

Index

累计评论(0条) 0个书友正在讨论这本书 发表评论

发表评论

发表评论,分享你的想法吧!

买过这本书的人还买过

读了这本书的人还在读

回顶部